Russian Vulnerability Scanner Database

Back to List

CVE-2021-45010

Scores

EPSS

0.724medium72.4%
0%20%40%60%80%100%

Percentile: 72.4%

CVSS

8.8high3.x
0246810

CVSS Score: 8.8/10

All CVSS Scores

CVSS 3.x
8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Description

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

nvd

CWEs

CWE-22

Exploits

Exploit ID: 50828

Source: exploitdb

URL: https://www.exploit-db.com/exploits/50828

Exploit ID: CVE-2021-45010

Source: github-poc

URL: https://github.com/Syd-SydneyJr/CVE-2021-45010

Vulnerable Software (1)

Type: Configuration

Vendor: *

Product: tiny_file_manager

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:prasathmani:tiny_file_manager:*:*:*:*:*:*:*:*",      "versionEndIncluding": "2.4.7",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

End of list