CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-40965

A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.3

References

https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528
https://github.com/prasathmani/tinyfilemanager
https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528
https://github.com/prasathmani/tinyfilemanager

Products affected by CVE-2021-40965

Tinyfilemanager Project » Tinyfilemanager » Version: 2.4.6

cpe:2.3:a:tinyfilemanager_project:tinyfilemanager:2.4.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-40965

Products

Pricing

Contact Us