Detections
Analytics
Tiny File Manager Unauthenticated Access
medium Web App Scanning Plugin ID 114972
Language:
Synopsis
Tiny File Manager Unauthenticated AccessDescription
Tiny File Manager is a web-based file manager written in PHP. It allows users to manage files on a web server through a simple and user-friendly interface. When authentication is not enforced, an attacker can access the File Browser interface without any credentials. This can lead to unauthorized access to files and directories on the server, potentially exposing sensitive information or allowing for further exploitation of the system.Solution
Authentication should be enforced to prevent unauthorized access to the Tiny File Manager interface.See Also
https://github.com/prasathmani/tinyfilemanager
https://github.com/prasathmani/tinyfilemanager/wiki/Security-and-User-Management
Plugin Details
Severity: Medium
ID: 114972
Type: remote
Family: Web Applications
Published: 9/26/2025
Updated: 9/26/2025
Scan Template: basic, full, pci, scan
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: Tenable
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score Source: Tenable
CVSS v4
Risk Factor: Medium
Base Score: 6.9
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score Source: Tenable
Vulnerability Information
CPE: cpe:2.3:a:tiny_file_manager_project:tiny_file_manager:*:*:*:*:*:*:*:*
Reference Information
CWE: 284
OWASP: 2010-A8, 2013-A7, 2017-A5, 2021-A1
WASC: Insufficient Authorization
CAPEC: 19, 441, 478, 479, 502, 503, 536, 546, 550, 551, 552, 556, 558, 562, 563, 564, 578
DISA STIG: APSC-DV-000460
HIPAA: 164.312(a)(1), 164.312(a)(2)(i)
ISO: 27001-A.13.1.1, 27001-A.14.1.2, 27001-A.14.1.3, 27001-A.18.1.3, 27001-A.6.2.2, 27001-A.9.1.2, 27001-A.9.4.1, 27001-A.9.4.4, 27001-A.9.4.5
NIST: sp800_53-AC-3
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-1.4.2
PCI-DSS: 3.2-6.5.8