CVE-2021-45010 PoC — Tiny File Manager路径遍历漏洞

Source

https://github.com/febinrev/CVE-2021-45010-TinyFileManager-Exploit

Associated Vulnerability

Title:Tiny File Manager路径遍历漏洞 (CVE-2021-45010)
Description:Tiny File Manager是一款基于Web的开源文件管理器。 Tiny File Manager 2.4.1中的tinyfilemanager.php文件上传功能存在路径遍历漏洞，该漏洞允许远程攻击者使用有效用户账户上传恶意PHP文件到webroot并在目标服务器上实现代码执行。

Description

A Path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager Project’s Tiny File Manager <= 2.4.3 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot and achieve code execution on the target server.

Readme

# CVE-2021-45010

CVE-2021-45010: A Path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager Project’s Tiny File Manager <= 2.4.3 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot and achieve code execution on the target server.

File Snapshot


 [4.0K]  /data/pocs/b02321e6a92406a14d687b6b95f597355f9e3268
├── [ 324]  README.md
├── [4.1K]  tiny_file_manager_exploit.py
└── [2.8K]  tiny_file_manager_exploit.sh

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!