CVE-2020-12103
HIGHTiny File Manager 2.4.1 - Authenticated Path Traversal via Backup Copy Functionality
Title source: llmDescription
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored.
References (3)
Core 3
Core References
Patch
https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06
Issue Tracking
https://github.com/prasathmani/tinyfilemanager/issues/357
Scores
CVSS v3
7.7
EPSS
0.0146
EPSS Percentile
70.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (1)
prasathmani/tiny_file_manager
2.4.1
Published
Apr 28, 2020
Tracked Since
Feb 18, 2026