cnvd - cnvd-2020-27487

cnvd-2020-27487

Vulnerability from cnvd

Title: Tiny File Manager路径遍历漏洞

Description:

Tiny File Manager是一款基于Web的开源文件管理器。

Tiny File Manager存在路径遍历漏洞。攻击者可利用该漏洞将备份文件副本放置到不同的目录下。

Severity: 中

Formal description:

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://tinyfilemanager.github.io/

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-12103

Impacted products

Name
Tiny File Manager Tiny File Manager 2.4.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-12103"
    }
  },
  "description": "Tiny File Manager\u662f\u4e00\u6b3e\u57fa\u4e8eWeb\u7684\u5f00\u6e90\u6587\u4ef6\u7ba1\u7406\u5668\u3002\n\nTiny File Manager\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u5907\u4efd\u6587\u4ef6\u526f\u672c\u653e\u7f6e\u5230\u4e0d\u540c\u7684\u76ee\u5f55\u4e0b\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://tinyfilemanager.github.io/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-27487",
  "openTime": "2020-05-10",
  "products": {
    "product": "Tiny File Manager Tiny File Manager 2.4.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-12103",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-29",
  "title": "Tiny File Manager\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

CVE-2020-12103 (GCVE-0-2020-12103)

Vulnerability from cvelistv5

Published

2020-04-28 21:07

Modified

2024-08-04 11:48

Severity ?

CWE

Summary

In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored.

References

▼	URL	Tags
	https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06
	https://github.com/prasathmani/tinyfilemanager/issues/357
	https://cyberaz0r.info/2020/04/tiny-file-manager-multiple-vulnerabilities/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:58.008Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/prasathmani/tinyfilemanager/issues/357"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cyberaz0r.info/2020/04/tiny-file-manager-multiple-vulnerabilities/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-14T20:09:15.888492",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06"
        },
        {
          "url": "https://github.com/prasathmani/tinyfilemanager/issues/357"
        },
        {
          "url": "https://cyberaz0r.info/2020/04/tiny-file-manager-multiple-vulnerabilities/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-12103",
    "datePublished": "2020-04-28T21:07:28",
    "dateReserved": "2020-04-23T00:00:00",
    "dateUpdated": "2024-08-04T11:48:58.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted