3139 matches found

Packet Storm
added 2024/03/06 12:0 a.m. · 383 views

Artica Proxy 4.40 / 4.50 Authentication Bypass / Privilege Escalation

KL-001-2024-003: Artica Proxy Unauthenticated File Manager Vulnerability Title: Artica Proxy Unauthenticated File Manager Vulnerability Advisory ID: KL-001-2024-003 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt 1. Vulnerability Detail...

7.4 AI score · 0.00933 EPSS
Exploits: 3

WPVulnDB
added 2024/03/06 12:0 a.m. · 19 views

File Manager And File Manager Pro (Multiple Versions) - Directory Traversal

Description The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mkfilefoldermanageractioncallbackshortcode function. This makes it possib...

9.9 CVSS · 6.5 AI score · 0.06009 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Exploit DB
added 2024/03/06 12:0 a.m. · 439 views

elFinder Web file manager Version - 2.1.53 Remote Command Execution

Exploit Title: elFinder Web file manager Version: 2.1.53 Remote Command Execution Date: 23/11/2023 Exploit Author: tmrswrr Google Dork: intitle:"elFinder 2.1.53" Vendor Homepage: https://studio-42.github.io/elFinder/ Software Link: https://github.com/Studio-42/elFinder/archive/refs/tags/2.1.53.zi...

7.4 AI score
Exploits: 0

Vulnrichment
added 2024/03/05 6:56 p.m. · 11 views

CVE-2024-2055 Artica Proxy Unauthenticated File Manager Vulnerability

The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user...

7.1 AI score · 0.00933 EPSS
Exploits: 3 · References: 2

Cvelist
added 2024/03/05 6:56 p.m. · 32 views

CVE-2024-2055 Artica Proxy Unauthenticated File Manager Vulnerability

The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user...

7.1 AI score · 0.00933 EPSS
Exploits: 3 · References: 2

OSV
added 2024/03/05 2:15 p.m. · 2 views

CVE-2024-27625

CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field...

4.8 CVSS · 5.8 AI score · 0.00411 EPSS
Exploits: 1 · References: 1

Prion
added 2024/03/05 2:15 p.m. · 22 views

Cross site scripting

CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field...

6.7 AI score · 0.00411 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/03/05 12:0 a.m. · 3 views

PT-2024-21974 · Unknown · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.19 Description: The issue is a Cross Site Scripting (XSS) vulnerability that resides in the File Manager module of the admin panel. It arises due to inadequate sanitization of user input in the "New directory" field...

4.8 CVSS · 5.3 AI score · 0.00411 EPSS
Exploits: 1 · References: 7

Patchstack
added 2024/03/05 12:0 a.m. · 14 views

WordPress File Manager Plugin <= 7.2.1 is vulnerable to Path Traversal

Software File Manager Type Plugin Vulnerable versions = 7.2.1 Fixed in 7.2.2 OWASP Top 10 A4: Insecure Design Classification Path Traversal CVE CVE-2023-6825 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID 7f2548079631 Credits Tobias Weißhaar kun19 Required privilege...

9.9 CVSS · 9.3 AI score · 0.06009 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2024/03/05 12:0 a.m. · 15 views

WordPress File Manager Pro Plugin <= 8.3.4 is vulnerable to Path Traversal

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.4 Fixed in 8.3.5 OWASP Top 10 A4: Insecure Design Classification Path Traversal CVE CVE-2023-6825 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID dab5b86a4777 Credits Tobias Weißhaar kun19 Required privilege...

9.9 CVSS · 6.9 AI score · 0.06009 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/03/05 12:0 a.m. · 4 views

PT-2024-2825 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue is related to a cross-site request forgery. Exploitation of this issue may allow a remote attacker to modify access rights in the file manager. Recommendations: At the moment,...

8.5 CVSS · 6.9 AI score
Exploits: 0 · References: 1

CVE
added 2024/03/05 12:0 a.m. · 62 views

CVE-2024-27625

CVE-2024-27625 affects CMS Made Simple version 2.2.19 and specifically targets the File Manager module in the admin panel. The root cause is inadequate sanitization of user input in the "New directory" field, enabling cross-site scripting (XSS). The vulnerability is documented across multiple sou...

4.8 CVSS · 9 AI score · 0.00411 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

KoreLogic Security
added 2024/03/05 12:0 a.m. · 23 views

Artica Proxy Unauthenticated File Manager Vulnerability

Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affected Version: 4.40 and 4.50 Platform: Debian 10 LTS CWE Classification: CWE-288: Authentication Bypass Using an Alternate Path or Channel, CWE-552: Files or Directories Accessible to External Parties CVE ID:...

9.8 CVSS · 7.5 AI score · 0.00933 EPSS
Exploits: 3 · Affected Software: 1

Vulnrichment
added 2024/03/05 12:0 a.m. · 12 views

CVE-2024-27625

CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field...

6.6 AI score · 0.00411 EPSS
Exploits: 1 · References: 1

Cvelist
added 2024/03/05 12:0 a.m. · 13 views

CVE-2024-27625

CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field...

9.3 AI score · 0.00411 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/03/04 12:0 a.m. · 3 views

PT-2024-15101

Name of the Vulnerable Software and Affected Versions File Manager versions up to 7.2.1 File Manager Pro versions up to 8.3.4 Description The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal via the target parameter in the mk file folder manager action...

9.9 CVSS · 7.3 AI score · 0.06009 EPSS
Exploits: 0 · References: 17

wpexploit
added 2024/03/04 12:0 a.m. · 132 views

CM Download and File Manager < 2.9.1 - Download Edit via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack. Make an admin open an HTML file containing the following:...

6.7 AI score · 0.0047 EPSS
Exploits: 2

Kitploit
added 2024/03/03 11:30 a.m. · 32 views

Tinyfilemanager-Wh1Z-Edition - Effortlessly Browse And Manage Your Files With Ease Using Tiny File Manager [WH1Z-Edition], A Compact Single-File PHP File Manager

Introducing Tiny File Manager WH1Z-Edition, the compact and efficient solution for managing your files and folders with enhanced privacy and security features. Gone are the days of relying on external resources – I've stripped down the code to its core, making it truly lightweight and perfect for...

8.2 AI score
Exploits: 0 · References: 3

ATTACKERKB
added 2024/02/28 8:15 p.m. · 1 views

CVE-2023-52047

Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager...

8.8 CVSS · 5.7 AI score · 0.00234 EPSS
Exploits: 0 · References: 2

OSV
added 2024/02/28 8:15 p.m. · 1 views

CVE-2023-52047

Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager...

8.8 CVSS · 5.8 AI score · 0.00234 EPSS
Exploits: 0 · References: 1