CRITICAL🇵🇱 Wersja polska

CVE-2022-45476

CVSS 9.8v3.1pub. 2022-11-25upd. 2025-12-31

Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Prasathmani Tiny File Manager

    APP
    Prasathmani
    2.4.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-40916CRITICAL9.8PL ✓ten sam produkt

Session fixation w Tiny File Manager v2.4.7 i wcześniejszych

CVE-2022-1000CRITICAL9.8ten sam produkt

Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.

CVE-2022-23044HIGH8.8ten sam produkt

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform uninten...

CVE-2021-45010HIGH8.8ten sam produkt

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager be...

CVE-2021-40965HIGH8.8ten sam produkt

A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2....