A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-15T17:11:27
Updated: 2024-08-04T02:59:30.870Z
Reserved: 2021-09-13T00:00:00
Link: CVE-2021-40965
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-09-15T18:15:09.470
Modified: 2021-09-27T18:32:32.680
Link: CVE-2021-40965
Redhat
No data.