CVE-2021-45010

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
15/03/2022
Last modified:
21/03/2022

Description

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:tiny_file_manager_project:tiny_file_manager:*:*:*:*:*:*:*:* 2.4.7 (including)