| Título | github.com/prasathmani tinyfilemanager 2.6 Server-Side Request Forgery |
|---|
| Descrição | A Server-Side Request Forgery vulnerability exists in the URL-based file upload feature of Tiny File Manager v2.6. An authenticated attacker can bypass the IP blocklist and force the server to make HTTP requests to internal resources, including localhost services and cloud metadata endpoints. |
|---|
| Fonte | ⚠️ https://drive.google.com/file/d/1pB3dI4oUy09mAtDHWbLlcoRRC1b3YU6k/view?usp=sharing |
|---|
| Utilizador | 0xNayel (UID 80926) |
|---|
| Submissão | 25/03/2026 07h09 (há 1 mês) |
|---|
| Moderação | 17/04/2026 10h39 (23 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 358040 [prasathmani TinyFileManager até 2.6 File Upload filemanager.php?p= ajax=true&type=upload uploadurl Elevação de Privilégios] |
|---|
| Pontos | 17 |
|---|