CVE-2021-45010

Published
View on NVD ↗
CVSS v3
8.8
HIGH
CVSS v2
6.5
MEDIUM
Affected
2
PROJECTS

Description

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.

prasathmani/tinyfilemanager
prasathmani/tinyfilemanager
Single-file PHP file manager, browser and manage your files efficiently and easily with tinyfilemanager
GitHubGitHub
5.9K
febinrev/tinyfilemanager-2.4.3-exploit
febinrev/tinyfilemanager-2.4.3-exploit
A Path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager Project's Tiny File Manager <= 2.4.6 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot and achieve code execution on the target server.
GitHubGitHub
13