CVE-2020-12103

HIGH

Tiny File Manager 2.4.1 - Authenticated Path Traversal via Backup Copy Functionality

Title source: llm
STIX 2.1

Description

In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored.

Scores

CVSS v3 7.7
EPSS 0.0146
EPSS Percentile 70.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Details

CWE
CWE-22
Status published
Products (1)
prasathmani/tiny_file_manager 2.4.1
Published Apr 28, 2020
Tracked Since Feb 18, 2026