
3137 matches found

NVD
added 2024/08/28 8:15 a.m. · 14 views

CVE-2023-26321

A path traversal vulnerability exists in the Xiaomi File Manager application product (international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file...

9.8 CVSS · 0.00518 EPSS
Exploits: 0 · References: 1
CVE
added 2024/08/28 7:51 a.m. · 51 views

CVE-2023-26321

CVE-2023-26321 affects the international version of Xiaomi File Manager and is a path traversal vulnerability caused by unfiltered special characters, enabling overwriting and code execution in the file. Public data assigns a high/critical impact profile (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:...

9.8 CVSS · 6.5 AI score · 0.00518 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/08/28 7:51 a.m. · 8 views

CVE-2023-26321 The international version of Xiaomi File Manager has a path traversal vulnerability

A path traversal vulnerability exists in the Xiaomi File Manager application product (international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file...

6.3 CVSS · 7.4 AI score · 0.00518 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/08/28 7:51 a.m. · 24 views

CVE-2023-26321 The international version of Xiaomi File Manager has a path traversal vulnerability

A path traversal vulnerability exists in the Xiaomi File Manager application product (international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file...

6.3 CVSS · 0.00518 EPSS
Exploits: 0 · References: 1
CNNVD
added 2024/08/28 12:00 a.m. · 3 views

Xiaomi File Manager security vulnerability

Xiaomi File Manager is a free and secure tool from the Chinese company Xiaomi. It helps find files faster, manage them easily and share them with others offline. A security vulnerability exists in Xiaomi File Manager that stems from unfiltered special characters that result in path...

9.8 CVSS · 7.1 AI score · 0.00518 EPSS
Exploits: 0 · References: 2
OSV
added 2024/08/26 2:15 p.m. · 1 views

CVE-2024-8164

A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument newname causes unrestricted upload. The attack can be initiated remotely...

8.8 CVSS · 5.4 AI score · 0.00548 EPSS
Exploits: 1 · References: 4
Cvelist
added 2024/08/26 2:00 p.m. · 26 views

CVE-2024-8165 Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal

A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/filemanager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit i...

5.3 CVSS · 0.00565 EPSS
Exploits: 0 · References: 4
OSV
added 2024/08/26 1:15 p.m. · 2 views

CVE-2024-8163

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/filemanager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The...

8.1 CVSS · 5.4 AI score · 0.00836 EPSS
Exploits: 1 · References: 4
CNNVD
added 2024/08/26 12:00 a.m. · 3 views

Everbrite BeikeShop path traversal vulnerability

Everbrite BeikeShop is an e-commerce system from the Chinese company Everbrite. A path traversal vulnerability exists in Everbrite BeikeShop 1.5.5 and earlier versions, which originates in the destroyFiles function of the file /admin/filemanager/files, where manipulation of the parameter files can...

8.1 CVSS · 5.5 AI score · 0.00836 EPSS
Exploits: 1 · References: 6
Positive Technologies
added 2024/08/26 12:00 a.m. · 4 views

PT-2024-38849

Name of the Vulnerable Software and Affected Versions: Chengdu Everbrite Network Technology BeikeShop versions up to 1.5.5
Description: A critical issue has been found, affecting the rename function of the file /Admin/Http/Controllers/FileManagerController.php. The manipulation of the new name...

8.8 CVSS · 6 AI score · 0.00548 EPSS
Exploits: 1 · References: 9
CNNVD
added 2024/08/26 12:00 a.m. · 4 views

Everbrite BeikeShop code issue vulnerability

Network etc. are Cloudburst open source products. network is a network component. backpack for Laravel FileManager etc. are Backpack for Laravel open source products. fileManager is a file manager. clickHouse ch etc. are ClickHouse open source products. ch is a ClickHouse low-level Go client...

8.8 CVSS · 6.6 AI score · 0.00548 EPSS
Exploits: 1 · References: 6
Patchstack
added 2024/08/23 3:32 a.m. · 5 views

WordPress File Manager Pro plugin <= 8.3.7 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by siunam in WordPress Plugin File Manager Pro versions <= 8.3.7...

8.8 CVSS · 7 AI score · 0.00851 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2024/08/23 3:15 a.m. · 2 views

CVE-2024-7559

The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level...

8.8 CVSS · 6.4 AI score · 0.00851 EPSS
Exploits: 0 · References: 2
NVD
added 2024/08/23 3:15 a.m. · 23 views

CVE-2024-7559

The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level...

8.8 CVSS · 0.00851 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/08/23 2:31 a.m. · 12 views

CVE-2024-7559 File Manager Pro <= 8.3.7 - Authenticated (Subscriber+) Arbitrary File Upload

The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level...

8.8 CVSS · 7.7 AI score · 0.00851 EPSS
Exploits: 0 · References: 2
CVE
added 2024/08/23 2:31 a.m. · 68 views

CVE-2024-7559

CVE-2024-7559 – File Manager Pro (WordPress) Arbitrary File Upload. The vulnerability arises from missing file type validation and missing capability checks in the mk_file_folder_manager AJAX action across versions up to and including 8.3.7. An authenticated attacker with Subscriber-level access...

8.8 CVSS · 8.9 AI score · 0.00851 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Patchstack
added 2024/08/23 12:00 a.m. · 6 views

WordPress File Manager Pro Plugin <= 8.3.7 is vulnerable to Arbitrary File Upload

Software: File Manager Pro · Type: Plugin · Vulnerable versions: <= 8.3.7 · Fixed in: 8.3.8 · OWASP Top 10: A1: Injection · Classification: Arbitrary File Upload · CVE: CVE-2024-7559 · Patch priority: High · CVSS severity: High (9.9) · PSID: fdf245f6ed76 · Credits: siunam · Required privilege: Subscriber...

8.8 CVSS · 6.8 AI score · 0.00851 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2024/08/23 12:00 a.m. · 3 views

WordPress plugin File Manager Pro security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

8.8 CVSS · 7.7 AI score · 0.00851 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2024/08/22 12:00 a.m. · 5 views

PT-2024-38419 · WordPress · File Manager Pro

Name of the Vulnerable Software and Affected Versions: File Manager Pro plugin for WordPress versions up to, and including, 8.3.7
Description: The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk file...

8.8 CVSS · 7.6 AI score · 0.00851 EPSS
Exploits: 0 · References: 13
OSV
added 2024/08/12 4:15 p.m. · 3 views

CVE-2024-42630

FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/filemanager/createfile...

8.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1