CVE-2021-40964 - OpenCVE

A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Tinyfilemanager Project	Tinyfilemanager

Configuration 1 [-]

cpe:2.3:a:tinyfilemanager_project:tinyfilemanager:*:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.html	Exploit Third Party Advisory VDB Entry
https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528	Third Party Advisory
https://github.com/prasathmani/tinyfilemanager	Product Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-09-15T17:12:28

Updated: 2022-03-16T18:06:21

Reserved: 2021-09-13T00:00:00

Link: CVE-2021-40964

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-15T18:15:09.413

Modified: 2022-05-19T21:22:15.957

Link: CVE-2021-40964

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the \"fullpath\" parameter containing path traversal strings (../ and ..\\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-16T18:06:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/prasathmani/tinyfilemanager"}, {"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-40964", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the \"fullpath\" parameter containing path traversal strings (../ and ..\\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/prasathmani/tinyfilemanager", "refsource": "MISC", "url": "https://github.com/prasathmani/tinyfilemanager"}, {"name": "https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528", "refsource": "MISC", "url": "https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528"}, {"name": "http://packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-40964", "datePublished": "2021-09-15T17:12:28", "dateReserved": "2021-09-13T00:00:00", "dateUpdated": "2022-03-16T18:06:21", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tinyfilemanager_project:tinyfilemanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B0E415E-B442-42FF-ACB2-41D30FDF09E8", "versionEndIncluding": "2.4.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the \"fullpath\" parameter containing path traversal strings (../ and ..\\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de Salto de Directorio en TinyFileManager en Todas las versiones hasta 2.4.6 incluy\u00e9ndola, que permite a atacantes subir un archivo (con credenciales de administrador o con la vulnerabilidad CSRF) con el par\u00e1metro \"fullpath\" que contiene cadenas de salto de ruta (../ y ..\\) para escapar del directorio de trabajo previsto del servidor y escribir archivos maliciosos en cualquier directorio del ordenador"}], "id": "CVE-2021-40964", "lastModified": "2022-05-19T21:22:15.957", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-15T18:15:09.413", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528"}, {"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/prasathmani/tinyfilemanager"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}