{"vulnerability": "cve-2021-4096", "sightings": [{"uuid": "84abbae9-9733-4d47-a6f1-c1cf59c05e12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40961", "type": "seen", "source": "https://t.me/cibsecurity/44103", "content": "\u203c CVE-2021-40961 \u203c\n\nCMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-09T18:33:30.000000Z"}, {"uuid": "ee44bf17-8efc-4005-b9a8-515350389fdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40968", "type": "seen", "source": "https://t.me/cibsecurity/29818", "content": "\u203c CVE-2021-40968 \u203c\n\nCross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-01T20:15:29.000000Z"}, {"uuid": "3dbf7ee9-027a-4213-8b18-8e88c258e469", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40969", "type": "seen", "source": "https://t.me/cibsecurity/29826", "content": "\u203c CVE-2021-40969 \u203c\n\nCross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-01T20:15:40.000000Z"}, {"uuid": "95251ea9-79cb-47fd-97a6-edb0f4288878", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40964", "type": "seen", "source": "https://t.me/cibsecurity/28945", "content": "\u203c CVE-2021-40964 \u203c\n\nA Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the \"fullpath\" parameter containing path traversal strings (../ and ..\\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T22:22:19.000000Z"}, {"uuid": "74756e43-b27d-40a9-a809-a44276115e24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40968", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-40968.yaml", "content": "", "creation_timestamp": "2023-06-05T12:33:16.000000Z"}, {"uuid": "df2fdf6f-5b27-4d98-bf95-5c442d597bca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40964", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlb7n55e2g", "content": "", "creation_timestamp": "2025-08-03T21:02:29.722077Z"}, {"uuid": "8f95bede-9baa-4e26-bca8-99e02007ae3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40964", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/41172", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aTiny File Manager <= 2.4.6 - Remote Code Execution (RCE)\nURL\uff1ahttps://github.com/Z3R0-0x30/CVE-2021-40964\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-06-20T05:32:52.000000Z"}, {"uuid": "da585752-69ab-4a35-beb6-31b178c2a72f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40960", "type": "seen", "source": "https://t.me/cibsecurity/29807", "content": "\u203c CVE-2021-40960 \u203c\n\nGalera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-01T18:15:20.000000Z"}, {"uuid": "006baa0f-404d-4196-ab1b-bd7b6094c1fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40966", "type": "seen", "source": "https://t.me/cibsecurity/28953", "content": "\u203c CVE-2021-40966 \u203c\n\nA Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. A malicious user can upload a file with a malicious filename containing javascript code and it will run on any user browser when they access the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T22:22:28.000000Z"}, {"uuid": "9c5201c8-150b-49cb-aae1-ead9507773c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40965", "type": "seen", "source": "https://t.me/cibsecurity/28939", "content": "\u203c CVE-2021-40965 \u203c\n\nA Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T22:22:10.000000Z"}, {"uuid": "2018bc33-7c9f-45e6-adf5-1eb4e8edea70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40969", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-40969.yaml", "content": "", "creation_timestamp": "2023-06-05T12:33:16.000000Z"}, {"uuid": "17369cc3-6458-4c94-bd9a-7c4c80268307", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40964", "type": "published-proof-of-concept", "source": "Telegram/04rNRtq-YvJirw2f6vBBsQj5DBNsU4NC5BG-M6leizMM-7Q", "content": "", "creation_timestamp": "2025-06-20T09:00:05.000000Z"}, {"uuid": "3d70be3c-e49a-44f0-b267-843d72026229", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40964", "type": "published-proof-of-concept", "source": "Telegram/WbkInEHYY3kOnUccLnofEqQY0zB0xloygQFKulDWXCJgOM4", "content": "", "creation_timestamp": "2025-06-20T15:00:06.000000Z"}]}