virus logo Web Application Security

Tiny.File.Manager.tinyfilemanager.php.Directory.Traveral

description-logoDescription

This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Tiny File Manager.
The vulnerability is due to insufficient validation of the fullpath parameter during file upload operation. A remote, authenticated attacker could exploit the vulnerability by sending a crafted request to the server. Successful exploitation could result in directory traversal and arbitrary file write, which could lead to potential code execution under the security context of web server process on the target server.

affected-products-logoAffected Products

Tiny File Manage prior to 2.4.7

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://github.com/prasathmani/tinyfilemanager/pull/636/files/a93fc321a3c89fdb9bee860bf6df5d89083298d1

Version Updates

Date Version Detail
2022-05-02 0.00319

CVE References

CVE-2021-45010
ID 1090501453
Created Apr 30, 2022
Updated Apr 30, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Default Action pass
Active
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App PHP_app