Description

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF.

Related CPE's

a

prasathmani

tiny_file_manager

2.4.8

Vulnerable

References

https://fluidattacks.com/advisories/mosey/

ExploitThird Party Advisory

https://github.com/prasathmani/tinyfilemanager/

ExploitIssue TrackingThird Party Advisory

https://fluidattacks.com/advisories/mosey/

ExploitThird Party Advisory

https://github.com/prasathmani/tinyfilemanager/

ExploitIssue TrackingThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-352

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-352

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-11-25T16:15:10.637Z

3 years ago

Last modified

2025-12-31T18:40:50.980Z

2 months ago