CVE-2022-40490

Medium CVSS: 4.8

Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file.

Vendor

Prasathmani

Product

Tiny File Manager

CWE

CWE-79

Yayın Tarihi

2025-02-06 17:15:13

Güncelleme

2025-12-31 19:40:50

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Tiny File Manager MEDIUM Prasathmani 2025

Referanslar

https://github.com/prasathmani/tinyfilemanager https://github.com/whitej3rry/CVE-2022-40490/blob/main/PoC.md https://github.com/whitej3rry/CVE-2022-40490/blob/main/PoC.md

Benzer Kayıtlar

Medium

CVE-2025-46651

Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due…

Medium

CVE-2025-15138

A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of…

Medium

CVE-2025-44998

A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows…

Critical

CVE-2022-40916

Tiny File Manager v2.4.7 and below is vulnerable to session fixation.