Prasathmani Tiny File Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Prasathmani Tiny File Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2022-45476 — CVSS 9.8 (critical): Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for…
CVE-2021-40965 — CVSS 8.8 (high): A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to…
CVE-2022-23044 — CVSS 8.8 (high): Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the…
CVE-2021-45010 — CVSS 8.8 (high): A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote…
CVE-2020-12103 — CVSS 7.7 (high): In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create…
CVE-2020-12102 — CVSS 7.7 (high): In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows…
CVE-2019-16790 — CVSS 6.5 (medium): In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are…
CVE-2021-40964 — CVSS 6.5 (medium): A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with…
CVE-2022-45475 — CVSS 6.5 (medium): Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible…
CVE-2025-44998 — CVSS 6.1 (medium): A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to…
CVE-2021-40966 — CVSS 5.4 (medium): A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that…
CVE-2022-40490 — CVSS 4.8 (medium): Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows…
CVE-2025-15138 — CVSS 4.7 (medium): A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file…
CVE-2025-46651 — CVSS 4.3 (medium): Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due to insufficient…