| عنوان | github.com/prasathmani tinyfilemanager 2.6 Server-Side Request Forgery |
|---|
| الوصف | A Server-Side Request Forgery vulnerability exists in the URL-based file upload feature of Tiny File Manager v2.6. An authenticated attacker can bypass the IP blocklist and force the server to make HTTP requests to internal resources, including localhost services and cloud metadata endpoints. |
|---|
| المصدر | ⚠️ https://drive.google.com/file/d/1pB3dI4oUy09mAtDHWbLlcoRRC1b3YU6k/view?usp=sharing |
|---|
| المستخدم | 0xNayel (UID 80926) |
|---|
| ارسال | 25/03/2026 07:09 AM (1 شهر منذ) |
|---|
| الاعتدال | 17/04/2026 10:39 AM (23 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 358040 [prasathmani TinyFileManager حتى 2.6 File Upload filemanager.php?p= ajax=true&type=upload uploadurl تجاوز الصلاحيات] |
|---|
| النقاط | 17 |
|---|