151 matches found
File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting
Description: The plugin does not adequately validate and escape some inputs, leading to XSS by high-privilege users. As an admin, open the File Manager and run the following JS code: fetch("http://localhost:10008/wp-admin/admin-ajax.php", { "headers": { "content-type": "application/x-www-form-urlencode...
File Manager Pro < 1.8.1 - Admin+ Remote Code Execution
Description: The plugin allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution. PoC: As an admin, use the File Manager UI to upload a file...
PT-2023-30751 · WordPress · File Manager Pro
Name of the Vulnerable Software and Affected Versions: File Manager Pro WordPress plugin versions prior to 1.8. Description: The issue arises from the improper checking of the CSRF nonce in the fs connector AJAX action. This allows attackers to perform highly privileged file system actions via CSR...
WordPress File Manager Pro Plugin < 1.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: File Manager Pro; Type: Plugin; Vulnerable versions: 1.8; Fixed in: 1.8; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-4827; Patch priority: Low; CVSS severity: Low 8.8; PSID: f857273165df; Credits: Dmitrii Ignatyev; Required...
File Manager Pro < 1.8 - Remote Code Execution via CSRF
Description: The plugin does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. PoC: As a Super Admin, run the following...
WordPress File Manager Pro 8.3.1 Backup Disclosure
Title: WordPress - file manager pro 8.3.1 Backup Disclosure Vulnerability; Author: indoushka; Tested on: windows 10 Français V.Pro / browser: Mozilla...
File Manager Pro - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application File Manager Pro published at the 'play' market has multiple vulnerabilities...
File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities
Document Title: File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1704. Release Date: 2016-02-03. Vulnerability Laboratory ID (VL-ID): ...
Directory traversal
Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earlier, and Security File Manager Trial application 1.0.6 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors...
CVE-2014-0804
CVE-2014-0804 affects CGENE Security File Manager Pro/Trial for Android (versions ≤ 1.0.6). Root cause: directory traversal (CWE-22) in processing file names, enabling a remote, unauthenticated attacker to create or overwrite arbitrary files in directories the app can access. Impact: arbitrary fi...