Description

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF.

Related CPE's

a

tiny_file_manager_project

tiny_file_manager

2.4.8

Vulnerable

References

https://fluidattacks.com/advisories/mosey/

ExploitThird Party Advisory

https://github.com/prasathmani/tinyfilemanager/

ExploitIssue TrackingThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-352

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-11-25T17:15:10.637

2 years ago

Last modified

2023-11-07T03:44:01.903

1 year ago