Lucene search
K

CVE-2018-20526

🗓️ 18 Mar 2019 15:25:18Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 146 Views🌐 WEB

Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php

Related
Detection
Refs
Paths
NVD
ParameterPositionPathDescriptionCWE
drequest body/fileman/php/copydir.phpPath Traversal via parameters manipulating file paths to access arbitrary filesystem files/directories.CWE-434
nrequest body/fileman/php/copydir.phpPath Traversal via parameters manipulating file paths to access arbitrary filesystem files/directories.CWE-434
frequest body/fileman/php/copyfile.phpPath Traversal via file parameter enabling access to arbitrary files.CWE-434
typerequest body/fileman/php/copyfile.phpPath Traversal via file parameter enabling access to arbitrary files.CWE-434
drequest body/fileman/php/fileslist.phpPath Traversal via directory parameter to list arbitrary filesystem paths.CWE-434
typerequest body/fileman/php/fileslist.phpPath Traversal via directory parameter to list arbitrary filesystem paths.CWE-434
actionrequest body/fileman/php/upload.phpUnrestricted file upload (double extension) allowing shell code upload to server.CWE-434
methodrequest body/fileman/php/upload.phpUnrestricted file upload (double extension) allowing shell code upload to server.CWE-434
drequest body/fileman/php/upload.phpUnrestricted file upload (double extension) allowing shell code upload to server.CWE-434
files[]request body/fileman/php/upload.phpUnrestricted file upload (double extension) allowing shell code upload to server.CWE-434
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 01:53Current
9.4High risk
Vulners AI Score9.4
CVSS 27.5
CVSS 39.8
EPSS0.73663
146