Submit #787942: github.com/prasathmani tinyfilemanager 2.6 Path Traversalinfo

Titlegithub.com/prasathmani tinyfilemanager 2.6 Path Traversal
DescriptionA path traversal vulnerability in the mass delete handler allows an authenticated non-readonly user to delete arbitrary files outside the application's root directory by supplying traversal sequences in the file[] POST parameter, allow Delete any file readable by the web server process outside the managed directory
Source⚠️ https://drive.google.com/file/d/14taA8w3e5z3gl4WttpB4_CquwQdz1i6r/view?usp=sharing
User
 0xNayel (UID 80926)
Submission03/25/2026 07:08 (4 months ago)
Moderation04/17/2026 10:39 (23 days later)
StatusAccepted
VulDB entry358039 [prasathmani TinyFileManager up to 2.6 POST Parameter /filemanager.php file[] path traversal]
Points19

Do you want to use VulDB in your project?

Use the official API to access entries easily!