| 제목 | github.com/prasathmani tinyfilemanager 2.6 Server-Side Request Forgery |
|---|
| 설명 | A Server-Side Request Forgery vulnerability exists in the URL-based file upload feature of Tiny File Manager v2.6. An authenticated attacker can bypass the IP blocklist and force the server to make HTTP requests to internal resources, including localhost services and cloud metadata endpoints. |
|---|
| 원천 | ⚠️ https://drive.google.com/file/d/1pB3dI4oUy09mAtDHWbLlcoRRC1b3YU6k/view?usp=sharing |
|---|
| 사용자 | 0xNayel (UID 80926) |
|---|
| 제출 | 2026. 03. 25. AM 07:09 (29 날 ago) |
|---|
| 모더레이션 | 2026. 04. 17. AM 10:39 (23 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 358040 [prasathmani TinyFileManager 까지 2.6 File Upload filemanager.php?p= ajax=true&type=upload uploadurl 권한 상승] |
|---|
| 포인트들 | 17 |
|---|