Threat Encyclopedia

Tiny.File.Manager.tinyfilemanager.php.Directory.Traveral

description-logoDescription

This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Tiny File Manager.
The vulnerability is due to insufficient validation of the fullpath parameter during file upload operation. A remote, authenticated attacker could exploit the vulnerability by sending a crafted request to the server. Successful exploitation could result in directory traversal and arbitrary file write, which could lead to potential code execution under the security context of web server process on the target server.

affected-products-logoAffected Products

Tiny File Manage prior to 2.4.7

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://github.com/prasathmani/tinyfilemanager/pull/636/files/a93fc321a3c89fdb9bee860bf6df5d89083298d1

CVE References

CVE-2021-45010