Filtered by vendor Tinyfilemanager Project
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40964 | 1 Tinyfilemanager Project | 1 Tinyfilemanager | 2022-05-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer. | |||||
| CVE-2021-40966 | 1 Tinyfilemanager Project | 1 Tinyfilemanager | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. A malicious user can upload a file with a malicious filename containing javascript code and it will run on any user browser when they access the server. | |||||