Vulnerabilities > Tinyfilemanager Project

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-15	CVE-2021-40964	Path Traversal vulnerability in Tinyfilemanager Project Tinyfilemanager 2.4.6 A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer. network tinyfilemanager-project CWE-22	4.3
2021-09-15	CVE-2021-40965	Cross-Site Request Forgery (CSRF) vulnerability in Tinyfilemanager Project Tinyfilemanager 2.4.6 A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker. network tinyfilemanager-project CWE-352 critical	9.3
2021-09-15	CVE-2021-40966	Cross-site Scripting vulnerability in Tinyfilemanager Project Tinyfilemanager 2.4.6 A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. network tinyfilemanager-project CWE-79	3.5

Vulnerabilities > Tinyfilemanager Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Tinyfilemanager Project"}]}