
CVE-2021-40964 PoC — TinyFileManager Path Traversal Vulnerability

Source
Associated Vulnerability
Title: TinyFileManager Path Traversal Vulnerability (CVE-2021-40964)
Description: TinyFileManager is a web-based file manager used to store, upload, edit and manage files and folders online through a web browser. All versions of TinyFileManager up to and including 2.4.6 contain a path traversal vulnerability caused by missing validation and escaping of the fullpath parameter; an attacker can exploit it through file upload to traverse beyond the server's intended working directory and write malicious files to any directory on the host.
Description
Tiny File Manager <= 2.4.6 - Remote Code Execution (RCE)
Readme
# Tiny File Manager <= 2.4.6 - Remote Code Execution (Authenticated)

![Exploit Status](https://img.shields.io/badge/status-working-brightgreen)
![Language](https://img.shields.io/badge/bash-script-blue)
![CVE](https://img.shields.io/badge/CVE-2021--40964-red)

## 🚨 About the Exploit

This is a Bash-based authenticated **Remote Code Execution (RCE)** exploit for **Tiny File Manager versions <= 2.4.6**, vulnerable under **CVE-2021-40964**.

The script leverages:
- Weak upload validation and webroot disclosure,
- An arbitrary file upload vulnerability, leading to PHP code execution.

---

## 📌 Details

- **Exploit Title:** Tiny File Manager <= 2.4.6 - Remote Code Execution (RCE)
- **CVE:** [CVE-2021-40964](https://nvd.nist.gov/vuln/detail/CVE-2021-40964)
- **Author:** `Z3R0 (0x30)`
- **Vulnerable Version:** ≤ 2.4.6
- **Authentication Required:** Yes (Admin credentials)

---

## ⚙️ Prerequisites

Ensure the following tools are installed:

```bash
sudo apt install curl jq
```
File Snapshot

[4.0K] /data/pocs/ca6930ff6b33016b78765d9cea1c38dc924a6ec6
├── [2.5K] CVE-2021-40964_ZERO.sh
└── [ 995] README.md

0 directories, 2 files