CVE-2020-12103

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-12103

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12103.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-12103

Published

2020-04-28T22:15:12.780Z

Modified

2025-11-20T11:09:00.423472Z

Severity

7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored.

References

Affected packages

Git / github.com/prasathmani/tinyfilemanager

Affected ranges

Type: GIT
Repo: https://github.com/prasathmani/tinyfilemanager
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a0c595a8e11e55a43eeaa68e1a3ce76365f29d06

Affected versions

2.*

2.0.1

2.0.2

2.2.0

2.3

2.3.4

2.3.8

2.4.0

2.4.1