CNNVD-202512-4880 Information

CNNVD ID

CNNVD-202512-4880

Related CVE

CVE-2025-15138

• CNNVD Published: 2025-12-28

Description (Chinese)

TinyFileManager是prasathmani个人开发者的一个基于 Web 的文件管理器。用于通过 Web 浏览器在线存储、上传、编辑和管理文件和文件夹。 TinyFileManager 2.6及之前版本存在路径遍历漏洞，该漏洞源于文件tinyfilemanager.php中参数fullpath的错误操作，可能导致路径遍历。

Description (English)

TinyFileManager is a Web-based file manager for Prasathmani personal developers. To store, upload, edit and manage files and folders online through a Web browser. TinyFileManager 2.6 and previous versions have path-to-path loopholes, which stem from the error of the parameter FullPath in the document TinyFileManager.php, which may lead to path-to-path runs.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2025-12-28

Last Modified

2026-02-24

References

https://mesquite-dream-86b.notion.site/tinyfilemanager-File-Upload-RCE-Report-2c7512562197800d86b3e68534a56a91 https://vuldb.com/?ctiid.338516 https://vuldb.com/?id.338516 https://vuldb.com/?submit.714177