← voltar
CVE-2021-45010

CVE-2021-45010

EPSS 70.1%
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
Produtos afetados
n/a · n/a
PoCs públicas encontradas4
githubgithub.com/BKreisel/CVE-2021-450104githubgithub.com/Syd-SydneyJr/CVE-2021-450101cve_referencepacketstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/50828não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.htmlhttps://febin0x4e4a.wordpress.com/2022/01/23/tiny-file-manager-authenticated-rce/https://github.com/febinrev/tinyfilemanager-2.4.3-exploit/raw/main/exploit.shhttps://github.com/prasathmani/tinyfilemanager/commit/2046bbde72ed76af0cfdcae082de629bcc4b44c7https://github.com/prasathmani/tinyfilemanager/pull/636https://github.com/prasathmani/tinyfilemanager/pull/636/files/a93fc321a3c89fdb9bee860bf6df5d89083298d1https://raw.githubusercontent.com/febinrev/tinyfilemanager-2.4.6-exploit/main/exploit.shhttps://sploitus.com/exploit?id=1337DAY-ID-37364&utm_source=rss&utm_medium=rss