A vulnerability in the Netcat CMS, related to the manipulation of inter-site requests, allows an attacker to alter access rights in the file manager.
This vulnerability in the Netcat CMS is related to the manipulation of inter-site requests. Exploiting it allows a malicious actor to remotely modify access rights in the file manager...
CVE-2024-2654
The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fmdownloadbackup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the...
CVE-2024-2654 File Manager <= 7.2.5 - Authenticated (Administrator+) Directory Traversal
The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fmdownloadbackup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the...
CVE-2024-2654
CVE-2024-2654 refers to the WordPress File Manager plugin, affecting all versions up to 7.2.5. It enables Directory Traversal via fm_download_backup, allowing an authenticated attacker with administrator privileges to read the contents of arbitrary zip files on the server, potentially exposing se...
GHSA-V24P-7P4J-QVVF Contao: Cross site scripting in the file manager
Impact: Users can insert malicious code into file names when uploading files, which is then executed in tooltips and popups in the backend. Patches: Update to Contao 4.13.40 or Contao 5.3.4. Workarounds: Disable uploads for untrusted users. References...
Contao: Cross site scripting in the file manager
Impact: Users can insert malicious code into file names when uploading files, which is then executed in tooltips and popups in the backend. Patches: Update to Contao 4.13.40 or Contao 5.3.4. Workarounds: Disable uploads for untrusted users. References...
CVE-2024-28190 Contao core bundle vulnerable to cross site scripting in the file manager
Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 an...
Cross site scripting in the file manager
Date: 2024-04-09. CVE ID: CVE-2024-28190. Users can insert malicious code into file names when uploading files, which is then executed in tooltips and popups in the backend. Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4.8, Contao...
WordPress Plugin File Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-21416 · WordPress · File Manager
Name of the Vulnerable Software and Affected Versions: File Manager plugin for WordPress versions up to, and including, 7.2.5. Description: The issue allows authenticated attackers with administrator access and above to read the contents of arbitrary zip files on the server, which can contain...
Cross Site Scripting
concrete5/concrete5 is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient validation of administrator provided data in the Advanced File Search Filter, allowing rogue administrators to add malicious code in the file manager...
WordPress File Manager plugin <= 7.2.5 - Authenticated (Administrator+) Directory Traversal vulnerability
Authenticated (Administrator+) Directory Traversal vulnerability discovered by DarkT in WordPress Plugin File Manager versions <= 7.2.5...
File Manager < 7.2.6 - Authenticated (Administrator+) Directory Traversal
Description: The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fmdownloadbackup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip file...
WordPress File Manager Plugin <= 7.2.5 is vulnerable to Path Traversal
Software: File Manager; Type: Plugin; Vulnerable versions: <= 7.2.5; Fixed in: 7.2.6; OWASP Top 10: A1: Broken Access Control; Classification: Path Traversal; CVE: CVE-2024-2654; Patch priority: Low; CVSS severity: Low (4.9); PSID: 1c905e547371; Credits: DarkT; Required privilege: Administrator...
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All...
CVE-2024-3178
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All...