3137 matches found
PT-2024-36632 · WordPress · Advanced File Manager
Name of the Vulnerable Software and Affected Versions: Advanced File Manager plugin for WordPress versions up to, and including, 5.2.4. Description: The issue allows unauthenticated attackers to extract sensitive data, including backups or other sensitive information, if the files have been moved ...
WordPress WP File Manager plugin <= 7.2.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin File Manager versions <= 7.2.7...
WordPress File Manager Plugin <= 7.2.7 is vulnerable to Broken Access Control
Software: File Manager; Type: Plugin; Vulnerable versions: <= 7.2.7; Fixed in: 7.2.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37254; Patch priority: Low; CVSS severity: Low 4.3; PSID: 64eee288cde4; Credits: Rafie Muhammad Patchstack; Requir...
GHSA-PQHQ-77PW-763C Cross site scripting in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompte...
CVE-2024-21516
This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The...
CVE-2024-5673
Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fm_current_dir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...
CVE-2024-5673 Cross-Site Scripting in PHP File Manager by Dulldusk
Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fm_current_dir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...
CVE-2024-5673
CVE-2024-5673 affects Dulldusk’s PHP File Manager v1.7.8. The vulnerability is a cross-site scripting (XSS) flaw that can be triggered via the fm_current_dir parameter of index.php. An attacker could deliver a crafted JavaScript payload to an authenticated user, enabling partial hijacking of tha...
PHP File Manager security vulnerability
PHP File Manager is a complete file system management tool from the individual developers at Dulldusk. A security vulnerability exists in PHP File Manager version 1.7.8, which stems from the presence of a cross-site scripting (XSS) vulnerability that allows an attacker to hijack a browser session b...
CVE-2023-46694
Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality...
Vtenext security vulnerability
Vtenext is a Customer Relationship Management system from the Italian company Vtenext that helps users manage the CRM process in their business activities. A security vulnerability exists in Vtenext version 21.02, which arises from the application's failure to implement proper authentication...
PT-2024-13371 · Vtenext +1 · Vtenext +1
Name of the Vulnerable Software and Affected Versions: Vtenext version 21.02. Description: The issue allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication...
CVE-2024-35166 WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 5.6.3 - Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird. This issue affects Filebird: from n/a through 5.6.3...
CVE-2023-40514
LG Simple Editor FileManagerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this...
PT-2024-12094 · Xiaomi · Xiaomi File Manager
Name of the Vulnerable Software and Affected Versions: Xiaomi File Manager, affected versions not specified. Description: A path traversal vulnerability exists in the Xiaomi File Manager application, caused by unfiltered special characters. This allows attackers to overwrite and execute code in...
Cross-site Scripting (XSS)
ajenti is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper filename sanitization within the File Manager, which allows an attacker to inject malicious JavaScript...
Exploit for Unrestricted Upload of File with Dangerous Type in Cubecart
Arbitrary File Upload Leads to RCE CVE-2024-33438 CubeCart &...
The vulnerability in the Adobe Bridge file manager arises from memory operations performed outside buffer boundaries, which allows an attacker to gain unauthorized access to protected information and circumvent the ASLR protection mechanism.
The vulnerability in the Adobe Bridge file manager is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information and bypass the ASLR protection mechanism using a specially...