CVE-2021-45010
CVE-2021-45010
Vexday Risk Score
45Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Popular PoC on GitHub (4 stars) — exploitation code widely available.
CVSS —EPSS 70.1%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
15 Mar 2022Published on NVD
16 Mar 2022Public PoC
Weaponization speed
1 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
Affected products
n/a · n/apublic PoCs found — 4
githubgithub.com/BKreisel/CVE-2021-45010★ 4githubgithub.com/Syd-SydneyJr/CVE-2021-45010★ 1cve_referencepacketstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50828unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.htmlhttps://febin0x4e4a.wordpress.com/2022/01/23/tiny-file-manager-authenticated-rce/https://github.com/febinrev/tinyfilemanager-2.4.3-exploit/raw/main/exploit.shhttps://github.com/prasathmani/tinyfilemanager/commit/2046bbde72ed76af0cfdcae082de629bcc4b44c7https://github.com/prasathmani/tinyfilemanager/pull/636https://github.com/prasathmani/tinyfilemanager/pull/636/files/a93fc321a3c89fdb9bee860bf6df5d89083298d1https://raw.githubusercontent.com/febinrev/tinyfilemanager-2.4.6-exploit/main/exploit.shhttps://sploitus.com/exploit?id=1337DAY-ID-37364&utm_source=rss&utm_medium=rss