Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
prasathmani TinyFileManager File Upload filemanager.php server-side request forgery
Vulnerability Description
A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the component File Upload Handler. This manipulation of the argument uploadurl causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
TinyFileManager 安全漏洞
Vulnerability Description
TinyFileManager是prasathmani个人开发者的一个基于 Web 的文件管理器。用于通过 Web 浏览器在线存储、上传、编辑和管理文件和文件夹。 TinyFileManager 2.6及之前版本存在安全漏洞,该漏洞源于对文件/filemanager.php?p= ajax=true&type=upload中参数uploadurl的操作,可能导致服务端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A