Home > Vulnerability Database > CVE-2020-12103

Mend.io Vulnerability Database

CVE-2020-12103

Date: May 18, 2020

In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored.

Language: PHP

Severity Score

7.7

Related Resources (6)

Url: https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06

Url: https://github.com/prasathmani/tinyfilemanager/issues/357

Url: https://www.quantumleap.it/tiny-file-manager-path-traversal-recursive-directory-listing-and-absolute-path-file-backup-copy/

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-12103

Url: https://www.quantumleap.it/news/advisory/

Url: https://www.mend.io/vulnerability-database/CVE-2020-12103

Severity Score

7.7

Weakness Type (CWE)

Path Traversal

CWE-22

CVSS v3.1

Base Score:	7.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-12103

Date: May 18, 2020

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?