Description


Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF.

References



https://github.com/prasathmani/tinyfilemanager/

ExploitIssue TrackingThird Party Advisory

Weaknesses



CWE-352

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-11-25T17:15:10.637

2 years ago

Last modified

2023-11-07T03:44:01.903

1 year ago