CVE-2020-12103

Published: Apr 28, 2020Modified: Dec 31, 2025

7.7

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Exploitability: 3.1 / Impact: 4.0

Source: NVD

Description

In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored.

Affected (1)

Products: Prasathmani: Tiny File Manager

Prasathmani

1 product

Tiny File Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Prasathmani Tiny File Manager	Version 2.4.1

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (6)

https://cyberaz0r.info/2020/04/tiny-file-manager-multiple-vulnerabilities/

Source: cve@mitre.org

https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06

Source: cve@mitre.org

https://github.com/prasathmani/tinyfilemanager/issues/357

Source: cve@mitre.org

https://cyberaz0r.info/2020/04/tiny-file-manager-multiple-vulnerabilities/

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/prasathmani/tinyfilemanager/issues/357

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.