Php File Manager Security Vulnerabilities


CVE-2024-5673

Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fm_current_dir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser...

6.1 CVSS

6 AI Score

0.0005 EPSS

2024-06-06 11:15 AM

CVE-2008-7027

Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to...

7.4 AI Score

0.011 EPSS

2009-08-21 02:30 PM

CVE-2008-4319

fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query...

6.9 AI Score

0.008 EPSS

2008-09-29 07:25 PM

CVE-2008-3504

Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of...

6.7 AI Score

0.003 EPSS

2008-08-06 06:41 PM

CVE-2006-4749

Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7)....

7.6 AI Score

0.008 EPSS

2006-09-13 10:07 PM

CVE-2006-4594

Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is...

7.7 AI Score

0.059 EPSS

2006-09-06 10:04 PM

CVE-2006-1209

PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME]...

6.9 AI Score

0.043 EPSS

2006-03-14 01:06 AM

CVE-2005-1604

PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", which allows execution of arbitrary PHP...

7.1 AI Score

0.084 EPSS

2005-05-16 04:00 AM