Vulnerability Description
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prasathmani | Tiny File Manager | 2.4.1 |
Related Weaknesses (CWE)
References
- https://cyberaz0r.info/2020/04/tiny-file-manager-multiple-vulnerabilities/
- https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a
- https://github.com/prasathmani/tinyfilemanager/issues/357
- https://cyberaz0r.info/2020/04/tiny-file-manager-multiple-vulnerabilities/
- https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a
- https://github.com/prasathmani/tinyfilemanager/issues/357
FAQ
What is CVE-2020-12102?
CVE-2020-12102 is a vulnerability with a CVSS score of 7.7 (HIGH). In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the fil...
How severe is CVE-2020-12102?
CVE-2020-12102 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-12102?
Check the references section above for vendor advisories and patch information. Affected products include: Prasathmani Tiny File Manager.