CVE-2022-40490

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Feb 6, 2025

CWE ID 79

Summary

CVE-2022-40490 is a Cross Site Scripting (XSS) vulnerability affecting Tiny File Manager version 2.4.7 and below. Attackers can exploit this issue by injecting malicious code into the name of a file during upload or manipulating the name of an existing file, allowing them to execute arbitrary code on vulnerable systems. Successful exploitation can result in unauthorized access, data theft, or other malicious activities, making this a significant security risk for organizations using the affected software. It is strongly recommended that users update to the latest version of Tiny File Manager to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/n8Vr8W
https://www.cve.org/CVERecord?id=CVE-2022-40490
https://nvd.nist.gov/vuln/detail/CVE-2022-40490

Back to Vulnerability Database

CVE-2022-40490

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations