starred/tinyfilemanager

Fork 0

mirror of https://github.com/prasathmani/tinyfilemanager.git synced 2026-04-26 10:55:56 +03:00

[GH-ISSUE #581] tinyfilemanager.php contain malware #418

New issue

Closed

opened 2026-03-02 15:58:36 +03:00 by kerem · 5 comments

kerem commented

2026-03-02 15:58:36 +03:00

Owner

Originally created by @annash-zm on GitHub (Jun 22, 2021).
Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/581

how to fix tinyfilemanager.php file contain malware so i can't upload file or the file is deleted?

Originally created by @annash-zm on GitHub (Jun 22, 2021). Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/581 how to fix tinyfilemanager.php file contain malware so i can't upload file or the file is deleted?

kerem closed this issue

2026-03-02 15:58:37 +03:00

kerem commented

2026-03-02 15:58:37 +03:00

Author

Owner

@17500mph commented on GitHub (Jul 15, 2021):

There's references to this here and there and it's a vulnerability for code injection, not an issue of malware contained within Tiny File Manager.

As best I can tell is that the vulnerability has been fixed as well.

Whatever scan/check is being referenced elsewhere here is ambiguous otherwise.

Can this be confirmed and this issue marked appropriately?

@17500mph commented on GitHub (Jul 15, 2021): There's references to this here and there and it's a vulnerability for code injection, not an issue of malware contained within Tiny File Manager. As best I can tell is that the vulnerability has been fixed as well. Whatever scan/check is being referenced elsewhere here is ambiguous otherwise. Can this be confirmed and this issue marked appropriately?

kerem commented

2026-03-02 15:58:37 +03:00

Author

Owner

@17500mph commented on GitHub (Jul 15, 2021):

The ambiguous reference I'm citing is #578
('SiteLock' - appears to be some for pay service, a not openly accessible FUD inducing bait)

@17500mph commented on GitHub (Jul 15, 2021): The ambiguous reference I'm citing is #578 ('SiteLock' - appears to be some for pay service, a not openly accessible FUD inducing bait)

kerem commented

2026-03-02 15:58:37 +03:00

Author

Owner

@saeed74 commented on GitHub (Aug 21, 2021):

I used https://www.virustotal.com/ to check the file and it also showing malware detection: VUL.Webshell

@saeed74 commented on GitHub (Aug 21, 2021): I used [https://www.virustotal.com/](https://www.virustotal.com/) to check the file and it also showing malware detection: VUL.Webshell

kerem commented

2026-03-02 15:58:38 +03:00

Author

Owner

@precamp-io commented on GitHub (Jan 24, 2022):

cpanel wont let me upload the file because it says it has malware
Bkav Pro - VUL.Webshell

@precamp-io commented on GitHub (Jan 24, 2022): cpanel wont let me upload the file because it says it has malware Bkav Pro - VUL.Webshell

kerem commented

2026-03-02 15:58:38 +03:00

Author

Owner

@FransW5 commented on GitHub (Jul 21, 2022):

Solution for cPanel:

Open tinyfilemanager.php in a text editor And

Replace All:
fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH));
With:
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));

@FransW5 commented on GitHub (Jul 21, 2022): Solution for cPanel: Open tinyfilemanager.php in a text editor And Replace All: `fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); ` With: `$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));`

kerem referenced this issue

2026-03-02 16:02:35 +03:00

[PR #418] [MERGED] fix(actions): creating a backup in FM_ROOT_PATH #979