A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
| Link | Tags |
|---|---|
| https://github.com/prasathmani/tinyfilemanager/pull/636 | third party advisory patch |
| https://github.com/prasathmani/tinyfilemanager/commit/2046bbde72ed76af0cfdcae082de629bcc4b44c7 | third party advisory patch |
| https://febin0x4e4a.wordpress.com/2022/01/23/tiny-file-manager-authenticated-rce/ | third party advisory patch |
| https://github.com/febinrev/tinyfilemanager-2.4.3-exploit/raw/main/exploit.sh | third party advisory exploit |
| https://sploitus.com/exploit?id=1337DAY-ID-37364&utm_source=rss&utm_medium=rss | third party advisory exploit |
| https://raw.githubusercontent.com/febinrev/tinyfilemanager-2.4.6-exploit/main/exploit.sh | third party advisory exploit |
| https://github.com/prasathmani/tinyfilemanager/pull/636/files/a93fc321a3c89fdb9bee860bf6df5d89083298d1 | third party advisory patch |
| http://packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.html | third party advisory vdb entry exploit |