phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.
8.8CVSS
8.9AI Score
0.015EPSS
Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fm_current_dir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.
6.1CVSS
6AI Score
0.0005EPSS