Insecure File Upload Vulnerability in Tiny File Manager v2.4.8

Insecure File Upload Vulnerability in Tiny File Manager v2.4.8

CVE-2022-45476 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload.

Learn more about our User Device Pen Test.