CVE-2022-40490 Information

Description

Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file.

Reference

https://github.com/prasathmani/tinyfilemanager https://github.com/whitej3rry/CVE-2022-40490/blob/main/PoC.md https://github.com/whitej3rry/CVE-2022-40490/blob/main/PoC.md