exploitDog

CVE-2022-45475

Published: 25 Nov 2022
Source: nvd
CVSS3: 6.5
EPSS: Low

Description

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control.

Vulnerable configurations

Configuration 1
cpe:2.3:a:prasathmani:tiny_file_manager:2.4.8:*:*:*:*:*:*:*

EPSS

Percentile: 76%
0.00923
Low

6.5 Medium

CVSS3

Weaknesses

NVD-CWE-Other
CWE-284

Related vulnerabilities

CVSS3: 8.8
github
about 3 years ago

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.
