52 matches found
CVE-2022-30469
Afian FileRun 20220202 is affected by an SQL injection vulnerability caused by lack of sanitization of the POST parameter metadata[] in the grid page (/ ?module=fileman§ion=get&page=grid). The issue is confirmed across multiple sources (NVD entry CVE-2022-30469, Red Hat advisory, CNVD, CVE li...
Afian FileRun SQL注入漏洞
Afian FileRun is a full-featured web-based file manager. sql injection vulnerability exists in Afian Filerun version 20220202, which stems from a lack of cleanup of the POST parameter metadata in the /?module=fileman§ion=get&page=grid page. An attacker could exploit this vulnerability to cause SQ...
CVE-2022-30470
In Afian Filerun 20220202 Changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...
CVE-2022-30470
In Afian Filerun 20220202 Changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...
Remote code execution
In Afian Filerun 20220202 Changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...
Afian FileRun 安全漏洞
Afian FileRun is a full-featured web-based file manager. A security vulnerability exists in Afian FileRun version 20220202, which stems from a change in the searchtikapath variable to a custom jar path that could result in remote code execution in a web server user's environment...
CVE-2022-30470
In Afian Filerun 20220202 Changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...
CVE-2022-30470
CVE-2022-30470 affects Afian FileRun (version 20220202) where changing the "search_tika_path" to a custom (previously uploaded) jar enables remote code execution in the webserver user context. The vulnerability originates from how the application loads an externally supplied jar via the search_ti...
CVE-2021-35506
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action...
Design/Logic Flaw
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action...
CVE-2021-35504
Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the ffmpeg binary...
CVE-2021-35503
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...
CVE-2021-35505
Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...
Remote code execution
Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...
Remote code execution
Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the ffmpeg binary...
CVE-2021-35506
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action...
CVE-2021-35505
Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...
CVE-2021-35504
Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the ffmpeg binary...
CVE-2021-35503
CVE-2021-35503 affects Afian FileRun 2021.03.26. The issue is a stored XSS caused by mishandling of the HTTP X-Forwarded-For header when rendering Activity Logs, implying user-supplied header data could be reflected in logs and executed in the browser. The description identifies the affected comp...
CVE-2021-35503
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...