CSRF Vulnerability in TinyFileManager Allows Unauthorized File Upload and Command Execution

CVE-2021-40965 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A Cross-Site Request Forgery (CSRF) vulnerability exists in all versions of TinyFileManager up to and including 2.4.6. It allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by the attacker.