CVE-2020-12102

HIGH

Tiny File Manager 2.4.1 - Authenticated Path Traversal via AJAX Recursive Directory Listing

Title source: llm
STIX 2.1

Description

In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope).

Scores

CVSS v3 7.7
EPSS 0.0183
EPSS Percentile 76.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
prasathmani/tiny_file_manager 2.4.1
Published Apr 28, 2020
Tracked Since Feb 18, 2026