CVE-2025-15138 | prasathmani TinyFileManager up to 2.6 tinyfilemanager.php fullpath path traversal

A vulnerability identified as critical has been detected in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal.

This vulnerability is registered as CVE-2025-15138. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way. If you want to get best quality of vulnerability data, you may have to visit VulDB.

CVE-2025-15138 | prasathmani TinyFileManager up to 2.6 tinyfilemanager.php fullpath path traversal

Post correlati

CVE-2025-26767 | Themeum Qubely Plugin up to 1.8.12 on WordPress cross site scripting

CVE-2024-23808 | OpenHarmony up to 4.0.0 Pre-installed Apps out-of-bounds

CVE-2025-61454 | Bhabishya-123 E-commerce 1.0 Search Endpoint cross site scripting

CVE-2024-47248 | Apache NimBLE up to 1.7.0 MESH Message buffer overflow