CVE Vulnerabilities

CVE-2022-40916

Session Fixation

Published: Feb 06, 2025 | Modified: Jul 03, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

Tiny File Manager v2.4.7 and below is vulnerable to session fixation.

Weakness

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

Affected Software

Name Vendor Start Version End Version
Tiny_file_manager Tiny_file_manager_project * 2.4.7 (including)

Extended Description

Such a scenario is commonly observed when:

Potential Mitigations

References