CVE-2022-45475

EUVD-2022-48341
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
prasathmanitiny_file_manager
2.4.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fluidattacks.com/advisories/mosey/
https://github.com/prasathmani/tinyfilemanager/
https://fluidattacks.com/advisories/mosey/
https://github.com/prasathmani/tinyfilemanager/