CVE-2020-12103

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-12103
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12103.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-12103
Published
2020-04-28T22:15:12.780Z
Modified
2026-03-14T09:51:52.570956Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored.

References

Affected packages

Git / github.com/prasathmani/tinyfilemanager

Affected ranges

Type
GIT
Repo
https://github.com/prasathmani/tinyfilemanager
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9e3877270b72e23f9834d824147063865d814b7b
Fixed
a0c595a8e11e55a43eeaa68e1a3ce76365f29d06
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.1"
        }
    ]
}

Affected versions

2.*
2.0.1
2.0.2
2.2.0
2.3
2.3.4
2.3.8
2.4.0
2.4.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12103.json"