16 matches found

CNVD
added 2026/01/09 12:0 a.m., 1 view

TinyFileManager Path Traversal Vulnerability

TinyFileManager is a web-based file manager. It is used to store, upload, edit and manage files and folders online through a web browser. TinyFileManager has a path traversal vulnerability that stems from the parameter fullpath in the file tinyfilemanager.php failing to correctly filter special...

7.2 CVSS, 5.8 AI score, 0.00139 EPSS
Exploits: 1

OSV
added 2025/12/28 2:16 p.m., 1 view

CVE-2025-15138

A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and...

7.2 CVSS, 6.3 AI score
Exploits: 0, References: 4

EUVD
added 2025/12/28 1:32 p.m., 1 view

EUVD-2025-205510

A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and...

5.8 CVSS, 4.5 AI score, 0.00139 EPSS
Exploits: 1, References: 5

Vulnrichment
added 2025/12/28 1:32 p.m., 1 view

CVE-2025-15138 prasathmani TinyFileManager tinyfilemanager.php path traversal

A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and...

5.8 CVSS, 6 AI score, 0.00139 EPSS
Exploits: 1, References: 4

CVE
added 2025/12/28 1:32 p.m., 11 views

CVE-2025-15138

TinyFileManager up to version 2.6 contains a path traversal flaw caused by manipulating the fullpath parameter in tinyfilemanager.php. The issue enables remote exploitation, with exploits published and the vendor reportedly unresponsive to disclosure. Public documents do not specify a patch versi...

7.2 CVSS, 6 AI score, 0.00139 EPSS
Exploits: 1, References: 4, Affected Software: 1

RedhatCVE
added 2025/10/16 1:41 a.m., 3 views

CVE-2024-13991

Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker to supply arbitrary file paths to the fullPath parameter of the /fileDownload?action=downloadBackupFile endpoint and retrieve files from the server filesystem. VulnCheck has observed...

8.7 CVSS, 9.2 AI score, 0.00552 EPSS
Exploits: 0, References: 1

NVD
added 2025/10/15 2:15 a.m., 4 views

CVE-2024-13991

Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker to supply arbitrary file paths to the fullPath parameter of the /fileDownload?action=downloadBackupFile endpoint and retrieve files from the server filesystem. VulnCheck has observed...

8.7 CVSS, 0.00552 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/10/15 1:21 a.m., 2 views

CVE-2024-13991 Huijietong Cloud Video Platform fileDownload Arbitrary File Read

Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker to supply arbitrary file paths to the fullPath parameter of the /fileDownload?action=downloadBackupFile endpoint and retrieve files from the server filesystem. VulnCheck has observed...

8.7 CVSS, 9.1 AI score, 0.00552 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/15 1:21 a.m., 1 view

EUVD-2024-55036

Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker to supply arbitrary file paths to the fullPath parameter of the /fileDownload?action=downloadBackupFile endpoint and retrieve files from the server filesystem. VulnCheck has observed...

8.7 CVSS, 6.7 AI score, 0.00552 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/10/15 12:0 a.m., 1 view

HuiJieTong Cloud Video Platform Security Vulnerability

HuiJieTong Cloud Video Platform is a cloud video platform from China-based HuiJieTong. A security vulnerability exists in HuiJieTong Cloud Video Platform, which can be exploited by an unauthenticated attacker to provide an arbitrary file path to the fullPath parameter of the...

8.7 CVSS, 9.1 AI score, 0.00552 EPSS
Exploits: 0, References: 3

VulnCheck KEV
added 2025/10/14 12:0 a.m., 4 views

VulnCheck KEV: CVE-2024-13991

Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker to supply arbitrary file paths to the fullPath parameter of the /fileDownload?action=downloadBackupFile endpoint and retrieve files from the server filesystem. VulnCheck has observed...

8.7 CVSS, 5.9 AI score, 0.00552 EPSS
In wild, Exploits: 0, References: 141

CNNVD
added 2025/07/07 12:0 a.m., 1 view

Digital-Infrastructure Path Traversal Vulnerability

Digital-Infrastructure is an open source management support platform from Risesoft. A path traversal vulnerability exists in Digital-Infrastructure 9.6.7 and earlier versions, which stems from improper handling of the parameter fullPath in the file Y9FileController.java, which could lead to path...

5.5 CVSS, 5.5 AI score, 0.00282 EPSS
Exploits: 0, References: 5

OSV
added 2021/09/15 6:15 p.m., 2 views

CVE-2021-40964

A Path Traversal vulnerability exists in TinyFileManager all versions up to and including 2.4.6 that allows attackers to upload a file with Admin credentials or with the CSRF vulnerability with the "fullpath" parameter containing path traversal strings ../ and ..\ in order to escape the server's...

6.5 CVSS, 6.6 AI score
Exploits: 0, References: 3

Cvelist
added 2021/09/15 5:12 p.m., 13 views

CVE-2021-40964

A Path Traversal vulnerability exists in TinyFileManager all versions up to and including 2.4.6 that allows attackers to upload a file with Admin credentials or with the CSRF vulnerability with the "fullpath" parameter containing path traversal strings ../ and ..\ in order to escape the server's...

6.7 AI score, 0.08442 EPSS
Exploits: 5, References: 3

Positive Technologies
added 2021/09/15 12:0 a.m., 2 views

PT-2021-23019

Name of the Vulnerable Software and Affected Versions: TinyFileManager versions up to and including 2.4.6. Description: A Path Traversal issue exists that allows attackers to upload a file with the fullpath parameter containing path traversal strings ../ and .. to escape the server's intended workin...

6.5 CVSS, 6.5 AI score, 0.08442 EPSS
Exploits: 5, References: 8

Huntr
added 2021/04/16 1:39 p.m., 10 views

Cross-site Scripting (XSS) - Generic in prasathmani/tinyfilemanager

✍️ Description: Cross site scripting bug exists via file upload 🕵️‍♂️ Proof of Concept: 1. Upload a file and capture the request in burpsuite. 2. Now change fullpath parameter value to xss payload in burpsuite and forward the request, and see xss is executed. Video poc...

1.4 AI score
Exploits: 0