Vulnerability Details: CVE-2022-23044
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2022-23044
- cpe:2.3:a:tiny_file_manager_project:tiny_file_manager:2.4.8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-23044
- 0.25%: probability of exploitation activity in the next 30 days
- ~65%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2022-23044
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2022-23044
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-23044
- https://fluidattacks.com/advisories/mosey/
  Tiny File Manager 2.4.8 - Remote Command Execution | Advisories | Fluid Attacks (Exploit; Third Party Advisory)
- https://github.com/prasathmani/tinyfilemanager/
  GitHub - prasathmani/tinyfilemanager: The best web based PHP File Manager in single file, Manage your files efficiently and easily with tinyfilemanager (Exploit; Issue Tracking; Third Party Advisory)