prasathmani TinyFileManager tinyfilemanager.php path traversal_CVE-2025-15138

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-15138

Source VulDB

Published Dec 28, 2025 at 13:32

Affected Product

Vendor prasathmani

Product TinyFileManager

Version 2.0

Affected Versions prasathmani TinyFileManager 2.0
prasathmani TinyFileManager 2.1
prasathmani TinyFileManager 2.2
prasathmani TinyFileManager 2.3
prasathmani TinyFileManager 2.4
prasathmani TinyFileManager 2.5
prasathmani TinyFileManager 2.6

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-12-28T13:32:08.843Z",
    "modified": "2025-12-28T13:32:08.843Z",
    "type": "cve",
    "title": "prasathmani TinyFileManager tinyfilemanager.php path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.338516\nhttps://vuldb.com/?ctiid.338516\nhttps://vuldb.com/?submit.714177\nhttps://mesquite-dream-86b.notion.site/tinyfilemanager-File-Upload-RCE-Report-2c7512562197800d86b3e68534a56a91",
    "id": "CVE-2025-15138",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "prasathmani TinyFileManager 2.0\nprasathmani TinyFileManager 2.1\nprasathmani TinyFileManager 2.2\nprasathmani TinyFileManager 2.3\nprasathmani TinyFileManager 2.4\nprasathmani TinyFileManager 2.5\nprasathmani TinyFileManager 2.6",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TinyFileManager",
    "version": "2.0",
    "vendor": "prasathmani",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}