CVE-2021-45010
a vulnerability has been found in tiny file manager 2.4.1 and classified as critical. Affected by this vulnerability is an unknown code of the file tinyfilemanager.php of the component File Upload Handler. The manipulation with an unknown input leads to a path traversal vulnerability. The CWE definition for the vulnerability is CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. As an impact it is known to affect confidentiality, integrity, and availability.
exploit
While there are several exploits available online, this one appears to be most well-written