Tiny.File.Manager.tinyfilemanager.php.Directory.Traveral
Description
This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Tiny File Manager.
The vulnerability is due to insufficient validation of the fullpath parameter during file upload operation. A remote, authenticated attacker could exploit the vulnerability by sending a crafted request to the server. Successful exploitation could result in directory traversal and arbitrary file write, which could lead to potential code execution under the security context of web server process on the target server.
Affected Products
Tiny File Manage prior to 2.4.7
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://github.com/prasathmani/tinyfilemanager/pull/636/files/a93fc321a3c89fdb9bee860bf6df5d89083298d1
Version Updates
Date | Version | Detail |
---|---|---|
2022-05-02 | 0.00319 |