Home/Product/prasathmani tiny file manager
Product

prasathmani tiny file manager

16 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-46651
<= 2.6
Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due to insuff
4.3MEDIUM
 CVE-2025-15138
<= 2.6
A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file t
4.7MEDIUM
 CVE-2025-44998
all versions
A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers
6.1MEDIUM
 CVE-2022-40916
<= 2.4.7
Tiny File Manager v2.4.7 and below is vulnerable to session fixation.
9.8CRITICAL
 CVE-2022-40490
<= 2.4.7
Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows
4.8MEDIUM
 CVE-2022-45476
all versions
Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them fo
9.8CRITICAL
 CVE-2022-45475
all versions
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is poss
6.5MEDIUM
 CVE-2022-23044
all versions
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within t
8.8HIGH
 CVE-2022-1000
< 2.4.7
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
9.8CRITICAL
 CVE-2021-45010
<= 2.4.7
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows re
8.8HIGH
 CVE-2021-40966
<= 2.4.6
A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a fi
5.4MEDIUM
 CVE-2021-40965
<= 2.4.6
A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows atta
8.8HIGH
 CVE-2021-40964
<= 2.4.6
A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a f
6.5MEDIUM
 CVE-2020-12103
all versions
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to
7.7HIGH
 CVE-2020-12102
all versions
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This al
7.7HIGH
 CVE-2019-16790
< 2.3.9
In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated
6.5MEDIUM
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns TAXII feed Data sources
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh