QwikSec

Security Database

CVE

CWE

Training

CVE-2022-40490

Published: Feb 6, 2025

Modified: Aug 20, 2025

PUBLISHED

Description

Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

Weaknesses (CWE)

References

https://github.com/prasathmani/tinyfilemanager

https://github.com/whitej3rry/CVE-2022-40490/blob/main/PoC.md

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.