Lucene search
K

52 matches found

CVE
CVE
added 2022/06/06 8:6 p.m.77 views

CVE-2022-30469

Afian FileRun 20220202 is affected by an SQL injection vulnerability caused by lack of sanitization of the POST parameter metadata[] in the grid page (/ ?module=fileman&section=get&page=grid). The issue is confirmed across multiple sources (NVD entry CVE-2022-30469, Red Hat advisory, CNVD, CVE li...

8.8CVSS9AI score0.01422EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/06/06 12:0 a.m.6 views

Afian FileRun SQL注入漏洞

Afian FileRun is a full-featured web-based file manager. sql injection vulnerability exists in Afian Filerun version 20220202, which stems from a lack of cleanup of the POST parameter metadata in the /?module=fileman§ion=get&page=grid page. An attacker could exploit this vulnerability to cause SQ...

8.8CVSS5.9AI score0.01422EPSS
Exploits1References3
OSV
OSV
added 2022/06/02 2:15 p.m.2 views

CVE-2022-30470

In Afian Filerun 20220202 Changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...

9.8CVSS6.3AI score
Exploits0References1
NVD
NVD
added 2022/06/02 2:15 p.m.24 views

CVE-2022-30470

In Afian Filerun 20220202 Changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...

9.8CVSS0.02525EPSS
Exploits0References1
Prion
Prion
added 2022/06/02 2:15 p.m.14 views

Remote code execution

In Afian Filerun 20220202 Changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...

7.5CVSS9.6AI score0.02525EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.5 views

Afian FileRun 安全漏洞

Afian FileRun is a full-featured web-based file manager. A security vulnerability exists in Afian FileRun version 20220202, which stems from a change in the searchtikapath variable to a custom jar path that could result in remote code execution in a web server user's environment...

9.8CVSS9.1AI score0.02525EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/06/01 2:31 p.m.32 views

CVE-2022-30470

In Afian Filerun 20220202 Changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...

9.9AI score0.02525EPSS
Exploits0References1
CVE
CVE
added 2022/06/01 2:31 p.m.81 views

CVE-2022-30470

CVE-2022-30470 affects Afian FileRun (version 20220202) where changing the "search_tika_path" to a custom (previously uploaded) jar enables remote code execution in the webserver user context. The vulnerability originates from how the application loads an externally supplied jar via the search_ti...

9.8CVSS9.6AI score0.02525EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/10/05 1:15 p.m.30 views

CVE-2021-35506

Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action...

6.1CVSS0.00712EPSS
Exploits1References2
Prion
Prion
added 2021/10/05 1:15 p.m.24 views

Design/Logic Flaw

Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action...

4.3CVSS6AI score0.00712EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2021/10/05 12:15 p.m.28 views

CVE-2021-35504

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the ffmpeg binary...

7.2CVSS0.03055EPSS
Exploits1References2
NVD
NVD
added 2021/10/05 12:15 p.m.21 views

CVE-2021-35503

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...

6.1CVSS0.00712EPSS
Exploits1References2
NVD
NVD
added 2021/10/05 12:15 p.m.24 views

CVE-2021-35505

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...

7.2CVSS0.0273EPSS
Exploits1References2
Prion
Prion
added 2021/10/05 12:15 p.m.19 views

Remote code execution

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...

6.5CVSS7.3AI score0.0273EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/10/05 12:15 p.m.21 views

Remote code execution

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the ffmpeg binary...

6.5CVSS7.3AI score0.03055EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/10/05 12:1 p.m.26 views

CVE-2021-35506

Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action...

6.1AI score0.00712EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/10/05 12:0 p.m.34 views

CVE-2021-35505

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...

7.6AI score0.0273EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/10/05 11:59 a.m.32 views

CVE-2021-35504

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the ffmpeg binary...

7.6AI score0.03055EPSS
Exploits1References1
CVE
CVE
added 2021/10/05 11:58 a.m.54 views

CVE-2021-35503

CVE-2021-35503 affects Afian FileRun 2021.03.26. The issue is a stored XSS caused by mishandling of the HTTP X-Forwarded-For header when rendering Activity Logs, implying user-supplied header data could be reflected in logs and executed in the browser. The description identifies the affected comp...

6.1CVSS6.5AI score0.00712EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/10/05 11:58 a.m.27 views

CVE-2021-35503

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...

6.1AI score0.00712EPSS
Exploits1References1
Rows per page
Query Builder