prasathmani TinyFileManager Path Traversal Vulnerability in tinyfilemanager.php

Vulnerability

A path traversal vulnerability has been identified in prasathmani TinyFileManager versions through 2.6. The issue arises in the file tinyfilemanager.php, where the fullpath parameter can be manipulated to traverse directories. This vulnerability can be exploited remotely, and an exploit is publicly available.

Impact

Exploitation of this vulnerability allows for path traversal, which can lead to unauthorized access to files and directories outside the intended directory structure.

Reproduction

To reproduce this vulnerability, upload a file through the TinyFileManager interface, specifying a path in the fullpath parameter that includes directory traversal sequences. The application improperly validates the path, allowing the file to be uploaded to an arbitrary location on the server.
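One way to confine an upload destination to the file manager's root directory, shown as an added example (it is not TinyFileManager's code or its fix). The function name, the demo root directory and the sample paths are assumptions made for illustration.

```php
<?php
// Added example, not TinyFileManager code; all names here are hypothetical.
// Returns the absolute upload target under $root, or null if it would escape.
function resolve_upload_target(string $root, string $relative): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false || strpos($relative, "\0") !== false) {
        return null;
    }
    // Treat both separators alike and rebuild the path segment by segment.
    $segments = [];
    foreach (explode('/', str_replace('\\', '/', $relative)) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue; // dropping empty segments also neutralises a leading "/"
        }
        if ($seg === '..' || strpos($seg, ':') !== false) {
            return null; // traversal, drive letters, stream wrappers (conservative)
        }
        $segments[] = $seg;
    }
    if ($segments === []) {
        return null;
    }
    $sep = DIRECTORY_SEPARATOR;
    $target = $rootReal . $sep . implode($sep, $segments);

    // The file does not exist yet, so canonicalise the deepest existing
    // ancestor instead; this catches symlinked directories that leave the root.
    $ancestor = dirname($target);
    while (!file_exists($ancestor)) {
        $ancestor = dirname($ancestor);
    }
    $ancestorReal = realpath($ancestor);
    $inside = $ancestorReal === $rootReal
        || ($ancestorReal !== false && strpos($ancestorReal . $sep, $rootReal . $sep) === 0);
    return $inside ? $target : null;
}

// Constructed sample inputs standing in for a client-supplied fullpath value.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fm_root_demo';
if (!is_dir($root)) { mkdir($root); }
$samples = ['docs/report.txt', '../../etc/cron.d/job', '..\\..\\x.php', '/abs/path.txt'];
foreach ($samples as $p) {
    printf("%-22s => %s\n", $p, resolve_upload_target($root, $p) ?? 'REJECTED');
}
```

The check runs on the server before the uploaded file is moved into place; a rejected path should abort the upload rather than fall back to a default location.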

Added: Dec 28, 2025, 2:18 PM
Updated: Dec 28, 2025, 2:18 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 1.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.