CVE-2020-12102

Sažetak

In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope).

Reference

https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06
https://github.com/prasathmani/tinyfilemanager/issues/357
https://www.quantumleap.it/news/advisory/
https://www.quantumleap.it/tiny-file-manager-path-traversal-recursive-directory-listing-and-absolute-path-file-backup-copy/

CVSS

Base:	6.8
Impact:	6.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:N/A:N

Zadnje važnije ažuriranje

18-05-2020 - 12:15

Objavljeno

28-04-2020 - 21:15