In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope).
{ "versions": [ { "introduced": "0" }, { "last_affected": "2.4.1" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12102.json"