[GH-ISSUE #357] security breaches in tiny file manager #260

New issue

Closed

opened 2026-03-02 15:57:18 +03:00 by kerem · 3 comments

kerem commented

2026-03-02 15:57:18 +03:00

Owner

Originally created by @peefour on GitHub (May 11, 2020).
Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/357

hi,

are you aware of this?

https://www.quantumleap.it/tiny-file-manager-path-traversal-recursive-directory-listing-and-absolute-path-file-backup-copy/

Originally created by @peefour on GitHub (May 11, 2020). Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/357 hi, are you aware of this? https://www.quantumleap.it/tiny-file-manager-path-traversal-recursive-directory-listing-and-absolute-path-file-backup-copy/ see also other mentions: https://www.google.com/search?newwindow=1&sxsrf=ALeKk0025t2B-Upsat5D1t8HcK2-iLWyTw%3A1582747077534&ei=xc1WXs2dIMSYkwWvyqGICQ&q=tiny%20file%20manager%20vulnerabilities

kerem

2026-03-02 15:57:18 +03:00

closed this issue
added the
Security
label

kerem commented

2026-03-02 15:57:19 +03:00

Author

Owner

@si458 commented on GitHub (May 14, 2020):

i concur this issue
it is affected and the vulnerability does work and expose stuff it shouldnt do...
awaiting a fix

@si458 commented on GitHub (May 14, 2020): i concur this issue it is affected and the vulnerability does work and expose stuff it shouldnt do... awaiting a fix

kerem commented

2026-03-02 15:57:19 +03:00

Author

Owner

@prasathmani commented on GitHub (May 18, 2020):

@peefour, issue has been fixed now, kindly close the open CVEID.

@prasathmani commented on GitHub (May 18, 2020): @peefour, issue has been fixed now, kindly close the open CVEID.

kerem commented

2026-03-02 15:57:20 +03:00

Author

Owner

@peefour commented on GitHub (May 19, 2020):

thank you! what is cveid?

Peefy - Chat @ Spike [ikp6a]

On May 18, 2020 at 8:09 GMT, Prasath Mani notifications@github.com wrote:

@peefour, issue has been fixed now, kindly close the open CVEID.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.

@peefour commented on GitHub (May 19, 2020): thank you! what is cveid? [Peefy - Chat @ Spike](https://spikenow.com/r/a/?ref=spike-organic-signature&_ts=ikp6a) [ikp6a] On May 18, 2020 at 8:09 GMT, Prasath Mani <notifications@github.com> wrote: [@peefour](https://github.com/peefour), issue has been fixed now, kindly close the open CVEID. — You are receiving this because you were mentioned. Reply to this email directly, [view it on GitHub](https://github.com/prasathmani/tinyfilemanager/issues/357#issuecomment-630018395), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AATF6RV4NXREEHAIXHXKZJLRSDULTANCNFSM4M5SFXYA).