If a user replaces the folder or filename using the browser's element inspector, he can still access or download it. One of the most immediate and easy exploits would be the possibility of downloading the tinymanager PHP script itself containing the password hashes.
ner00
commented
1 year ago
If a user replaces the folder or filename using the browser's element inspector, he can still access or download it. One of the most immediate and easy exploits would be the possibility of downloading the tinymanager PHP script itself containing the password hashes.