CVE-2021-40965

Published: Sep 15, 2021Modified: Dec 31, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.

Affected (1)

Products: Prasathmani: Tiny File Manager

Prasathmani

1 product

Tiny File Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Prasathmani Tiny File Manager	Up to 2.4.6

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528

Source: cve@mitre.org

Third Party Advisory

https://github.com/prasathmani/tinyfilemanager

Source: cve@mitre.org

ProductThird Party Advisory

https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/prasathmani/tinyfilemanager

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

Timeline

No history available yet.