A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.html | Exploit Third Party Advisory VDB Entry |
https://febin0x4e4a.wordpress.com/2022/01/23/tiny-file-manager-authenticated-rce/ | Patch Third Party Advisory |
https://github.com/febinrev/tinyfilemanager-2.4.3-exploit/raw/main/exploit.sh | Exploit Third Party Advisory |
https://github.com/prasathmani/tinyfilemanager/commit/2046bbde72ed76af0cfdcae082de629bcc4b44c7 | Patch Third Party Advisory |
https://github.com/prasathmani/tinyfilemanager/pull/636 | Patch Third Party Advisory |
https://github.com/prasathmani/tinyfilemanager/pull/636/files/a93fc321a3c89fdb9bee860bf6df5d89083298d1 | Patch Third Party Advisory |
https://raw.githubusercontent.com/febinrev/tinyfilemanager-2.4.6-exploit/main/exploit.sh | Exploit Third Party Advisory |
https://sploitus.com/exploit?id=1337DAY-ID-37364&utm_source=rss&utm_medium=rss | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-15T11:13:26
Updated: 2022-03-20T02:27:56
Reserved: 2021-12-13T00:00:00
Link: CVE-2021-45010
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-15T12:15:08.380
Modified: 2022-03-21T18:56:55.743
Link: CVE-2021-45010
JSON object: View
Redhat Information
No data.
CWE