Описание
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope).
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope).
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-12102
- https://github.com/prasathmani/tinyfilemanager/issues/357
- https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06
- https://cyberaz0r.info/2020/04/tiny-file-manager-multiple-vulnerabilities
- https://www.quantumleap.it/news/advisory
- https://www.quantumleap.it/tiny-file-manager-path-traversal-recursive-directory-listing-and-absolute-path-file-backup-copy
Связанные уязвимости
CVSS3: 7.7
nvd
почти 6 лет назад
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope).