Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TinyFileManager 跨站请求伪造漏洞
Vulnerability Description
TinyFileManager是一个基于 Web 的文件管理器。用于通过 Web 浏览器在线存储、上传、编辑和管理文件和文件夹。 TinyFileManager 2.4.6及以下所有版本存在跨站请求伪造漏洞,攻击者可利用该漏洞可以通过诱导Administrator用户浏览攻击者控制的URL来上传文件和运行操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A