starred/tinyfilemanager
1
0
Fork 0
mirror of https://github.com/prasathmani/tinyfilemanager.git synced 2026-04-26 19:05:54 +03:00
Code Issues 253 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #715] What about CVE-2021-40965 (CSRF vulnerability)? #496

New issue
Closed
opened 2026-03-02 15:59:13 +03:00 by kerem · 1 comment
kerem commented 2026-03-02 15:59:13 +03:00
Owner
Copy link

Originally created by @rdggithub on GitHub (Feb 6, 2022).
Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/715

There is a CSRF vulnerability reported in 2.4.6 since 09/2021? Also XSS and path traversal?!

https://cve.report/CVE-2021-40965
https://cve.report/CVE-2021-40966
https://cve.report/CVE-2021-40964

Also the releases on

https://github.com/prasathmani/tinyfilemanager/releases

do not include the versions from 2.4.4 to 2.4.6?!

Originally created by @rdggithub on GitHub (Feb 6, 2022). Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/715 There is a CSRF vulnerability reported in 2.4.6 since 09/2021? Also XSS and path traversal?! https://cve.report/CVE-2021-40965 https://cve.report/CVE-2021-40966 https://cve.report/CVE-2021-40964 Also the releases on https://github.com/prasathmani/tinyfilemanager/releases do not include the versions from 2.4.4 to 2.4.6?!
kerem 2026-03-02 15:59:13 +03:00
  • closed this issue
  • added the
    Security
         label
kerem commented 2026-03-02 15:59:14 +03:00
Author
Owner
Copy link

@prasathmani commented on GitHub (Feb 12, 2022):

fixed path traversal vulnerability #718, by @joaogmauricio

<!-- gh-comment-id:1037061064 --> @prasathmani commented on GitHub (Feb 12, 2022): fixed path traversal vulnerability #718, by @joaogmauricio
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
prasathmani-patch-1
offline
add-license-1
2.6
2.5.3
2.5.0
2.4.7
2.4.3
2.4.1
2.4.0
2.3.8
2.3.4
2.3
2.2.0
2.0.2
2.0.1
Labels
Clear labels   
Feature

   
Feature

   
Is It Really an Issue?

   
Need More Info

   
Request

   
Security

   
bug

   
duplicate

   
enhancement

   
enhancement

   
help wanted

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
suggestion

   
wontfix
No labels
Feature
Feature
Is It Really an Issue?
Need More Info
Request
Security
bug
duplicate
enhancement
enhancement
help wanted
invalid
pull-request
question
suggestion
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/tinyfilemanager#496
No description provided.