CVE-2020-12103

Source
https://cve.org/CVERecord?id=CVE-2020-12103
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12103.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-12103
Published
2020-04-28T22:15:12.780Z
Modified
2026-07-08T12:06:20.869967Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored.

References

Affected packages

Git / github.com/prasathmani/tinyfilemanager

Affected ranges

Type
GIT
Repo
https://github.com/prasathmani/tinyfilemanager
Events
Database specific
{
    "cpe": "cpe:2.3:a:prasathmani:tiny_file_manager:2.4.1:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.4.1"
        },
        {
            "last_affected": "2.4.1"
        }
    ],
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ]
}

Affected versions

2.*
2.4.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12103.json"