CVE-2020-12103

HIGH

Prasathmani Tiny File Manager - Path Traversal

Title source: rule

Description

In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored.

References (3)

Core 3

Core References

Various Sources

https://cyberaz0r.info/2020/04/tiny-file-manager-multiple-vulnerabilities/

Patch

https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06

View Patch ZIP pw:eip

Issue Tracking

https://github.com/prasathmani/tinyfilemanager/issues/357

Scores

CVSS v3 7.7

EPSS 0.0069

EPSS Percentile 71.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Details

CWE

CWE-22

Status published

Products (1)

prasathmani/tiny_file_manager 2.4.1

Published Apr 28, 2020

Tracked Since Feb 18, 2026