CVE-2025-15138

Medium CVSS: 5.1

A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Prasathmani

Product

Tiny File Manager

CWE

CWE-22

Yayın Tarihi

2025-12-28 14:16:27

Güncelleme

2025-12-31 19:36:39

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-22 Tiny File Manager MEDIUM Prasathmani 2025

Referanslar

https://mesquite-dream-86b.notion.site/tinyfilemanager-File-Upload-RCE-Report-2c7512562197800d86b3e68534a56a91 https://vuldb.com/?ctiid.338516 https://vuldb.com/?id.338516 https://vuldb.com/?submit.714177

Benzer Kayıtlar

Medium

CVE-2025-46651

Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due…

Medium

CVE-2025-44998

A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows…

Medium

CVE-2022-40490

Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerabil…

Critical

CVE-2022-40916

Tiny File Manager v2.4.7 and below is vulnerable to session fixation.