Description
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF.
References
https://fluidattacks.com/advisories/mosey/
Exploit, Third Party Advisory
https://github.com/prasathmani/tinyfilemanager/
Exploit, Issue Tracking, Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 · High
CVSS V3.1
Information
Source identifier
Vulnerability status
Modified
Published
2022-11-25T17:15:10.637
Last modified
2023-11-07T03:44:01.903