A Cross-Site Request Forgery (CSRF) vulnerability exists in all versions of TinyFileManager up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.
References
| Link | Resource |
|---|---|
| https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528 | Third Party Advisory |
| https://github.com/prasathmani/tinyfilemanager | Product, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-15T17:11:27
Updated: 2021-09-15T17:11:27
Reserved: 2021-09-13T00:00:00
Link: CVE-2021-40965
NVD Information
Status: Analyzed
Published: 2021-09-15T18:15:09.470
Modified: 2021-09-27T18:32:32.680
Link: CVE-2021-40965
Redhat Information
No data.
CWE