CVE-2021-45010

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-45010

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45010.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-45010

Published

2022-03-15T12:15:08.380Z

Modified

2026-02-13T08:46:46.116042Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.

References

Affected packages

Git / github.com/prasathmani/tinyfilemanager

Affected ranges

Type: GIT
Repo: https://github.com/prasathmani/tinyfilemanager
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2046bbde72ed76af0cfdcae082de629bcc4b44c7

Affected versions

2.*

2.0.1

2.0.2

2.2.0

2.3

2.3.4

2.3.8

2.4.0

2.4.1

2.4.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45010.json"