CVE-2021-40964 PoC — TinyFileManager 路径遍历漏洞

Source

https://github.com/Z3R0-0x30/CVE-2021-40964

Associated Vulnerability

Title:TinyFileManager 路径遍历漏洞 (CVE-2021-40964)
Description:A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.

Description

Tiny File Manager <= 2.4.6 - Remote Code Execution (RCE)

Readme

# Tiny File Manager <= 2.4.6 - Remote Code Execution (Authenticated)

![Exploit Status](https://img.shields.io/badge/status-working-brightgreen)
![Language](https://img.shields.io/badge/bash-script-blue)
![CVE](https://img.shields.io/badge/CVE-2021--40964-red)

## 🚨 About the Exploit

This is a Bash-based authenticated **Remote Code Execution (RCE)** exploit for **Tiny File Manager versions <= 2.4.6**, vulnerable under **CVE-2021-40964**.

The script leverages:
- Weak upload validation and webroot disclosure,
- An arbitrary file upload vulnerability, leading to PHP code execution.

---

## 📌 Details

- **Exploit Title:** Tiny File Manager <= 2.4.6 - Remote Code Execution (RCE)
- **CVE:** [CVE-2021-40964](https://nvd.nist.gov/vuln/detail/CVE-2021-40964)
- **Author:** `Z3R0 (0x30)`
- **Vulnerable Version:** ≤ 2.4.6
- **Authentication Required:** Yes (Admin credentials)

---

## ⚙️ Prerequisites

Ensure the following tools are installed:

```bash
sudo apt install curl jq

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!