Vulnerability Details CVE-2021-45010
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.642
EPSS Ranking 98.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.html
- https://febin0x4e4a.wordpress.com/2022/01/23/tiny-file-manager-authenticated-rce/
- https://github.com/febinrev/tinyfilemanager-2.4.3-exploit/raw/main/exploit.sh
- https://github.com/prasathmani/tinyfilemanager/commit/2046bbde72ed76af0cfdcae082de629bcc4b44c7
- https://github.com/prasathmani/tinyfilemanager/pull/636
- https://github.com/prasathmani/tinyfilemanager/pull/636/files/a93fc321a3c89fdb9bee860bf6df5d89083298d1
- https://raw.githubusercontent.com/febinrev/tinyfilemanager-2.4.6-exploit/main/exploit.sh
- https://sploitus.com/exploit?id=1337DAY-ID-37364&utm_source=rss&utm_medium=rss
- http://packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.html
- https://febin0x4e4a.wordpress.com/2022/01/23/tiny-file-manager-authenticated-rce/
- https://github.com/febinrev/tinyfilemanager-2.4.3-exploit/raw/main/exploit.sh
- https://github.com/prasathmani/tinyfilemanager/commit/2046bbde72ed76af0cfdcae082de629bcc4b44c7
- https://github.com/prasathmani/tinyfilemanager/pull/636
- https://github.com/prasathmani/tinyfilemanager/pull/636/files/a93fc321a3c89fdb9bee860bf6df5d89083298d1
- https://raw.githubusercontent.com/febinrev/tinyfilemanager-2.4.6-exploit/main/exploit.sh
- https://sploitus.com/exploit?id=1337DAY-ID-37364&utm_source=rss&utm_medium=rss
Products affected by CVE-2021-45010
-
cpe:2.3:a:prasathmani:tiny_file_manager:2.0.1
-
cpe:2.3:a:prasathmani:tiny_file_manager:2.0.2
-
cpe:2.3:a:prasathmani:tiny_file_manager:2.2.0
-
cpe:2.3:a:prasathmani:tiny_file_manager:2.3
-
cpe:2.3:a:prasathmani:tiny_file_manager:2.3.4
-
cpe:2.3:a:prasathmani:tiny_file_manager:2.3.8
-
cpe:2.3:a:prasathmani:tiny_file_manager:2.3.9
-
cpe:2.3:a:prasathmani:tiny_file_manager:2.4.0
-
cpe:2.3:a:prasathmani:tiny_file_manager:2.4.1
-
cpe:2.3:a:prasathmani:tiny_file_manager:2.4.3
-
cpe:2.3:a:prasathmani:tiny_file_manager:2.4.6
-
cpe:2.3:a:prasathmani:tiny_file_manager:2.4.7