CVE-2021-45010
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
Affected products
n/a · n/a
Public PoCs found — 4
github: github.com/BKreisel/CVE-2021-45010 (★ 4)
github: github.com/Syd-SydneyJr/CVE-2021-45010 (★ 1)
cve_reference: packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.html (unverified)
exploitdb: www.exploit-db.com/exploits/50828 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.html
https://febin0x4e4a.wordpress.com/2022/01/23/tiny-file-manager-authenticated-rce/
https://github.com/febinrev/tinyfilemanager-2.4.3-exploit/raw/main/exploit.sh
https://github.com/prasathmani/tinyfilemanager/commit/2046bbde72ed76af0cfdcae082de629bcc4b44c7
https://github.com/prasathmani/tinyfilemanager/pull/636
https://github.com/prasathmani/tinyfilemanager/pull/636/files/a93fc321a3c89fdb9bee860bf6df5d89083298d1
https://raw.githubusercontent.com/febinrev/tinyfilemanager-2.4.6-exploit/main/exploit.sh
https://sploitus.com/exploit?id=1337DAY-ID-37364&utm_source=rss&utm_medium=rss