CVE-2023-52047
Dedecms v5.7.112 contains a Cross-Site Request Forgery (CSRF) vulnerability in the file manager. The CVE-2023-52047 entry has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue is rooted in CSRF, enabling an attacker to perform unauthorized actions on behalf of an auth...
DedeCMS Security Vulnerability
Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from the Chinese company Desdev (Zhuozhuo Network). The system provides content publishing, content management, content editing and content retrieval functions. A security vulnerability exists in...
CVE-2023-52047
Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager...
PT-2024-14376 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: Dedecms version 5.7.112. Description: A Cross-Site Request Forgery (CSRF) issue was discovered in the file manager of Dedecms. This issue allows an attacker to perform unauthorized actions on the vulnerable system. Recommendations: For Dedecms...
CMS Made Simple 2.2.19 Cross Site Scripting
Exploit Title: CMS Made Simple Version: 2.2.19 - Stored XSS Date: 2024-21-02 Exploit Author: tmrswrr Vendor Homepage: https://www.cmsmadesimple.org/ Version: 2.2.19 Tested on: https://www.softaculous.com/demos/CMSMadeSimple 1 log in as admin and go to Content File Manager 2 Write in New directory...
CMS Made Simple 2.2.19 Cross Site Scripting Vulnerability
Exploit Title: CMS Made Simple Version: 2.2.19 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.cmsmadesimple.org/ Version: 2.2.19 Tested on: https://www.softaculous.com/demos/CMSMadeSimple 1 log in as admin and go to Content File Manager 2 Write in New directory: place payload "...
WordPress File Manager Pro Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: File Manager Pro; Type: Plugin; Vulnerable versions: <= 8.3.4; Fixed in: 8.3.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-7015; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 809f77f5638f; Credits: Tobias Weißhaar...
File Manager Pro < 8.3.5 - Reflected Cross-Site Scripting
Description The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Thunar: Arbitrary Code Execution
Background Thunar is a modern file manager for the Xfce Desktop Environment. Thunar has been designed from the ground up to be fast and easy to use. Its user interface is clean and intuitive and does not include any confusing or useless options by default. Thunar starts up quickly and navigating...
VulnCheck KEV: CVE-2023-35885
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication...
WordPress Frontend File Manager Plugin <= 22.7 is vulnerable to Sensitive Data Exposure
Software: Frontend File Manager; Type: Plugin; Vulnerable versions: <= 22.7; Fixed in: 22.8; OWASP Top 10: A4: Insecure Design; Classification: Sensitive Data Exposure; CVE: CVE-2024-25903; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: cda7ef951c90; Credits: Joshua Chan; Required privileg...
CVE-2024-0761
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract...
Design/Logic Flaw
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract...
CVE-2023-6846
The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server...
Design/Logic Flaw
The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server...
CVE-2023-6846
The File Manager Pro WordPress plugin (wp-file-manager-pro) is vulnerable to Arbitrary File Upload in versions up to and including 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. Authenticated users with subscriber access can cause server-side code execution. Version 8.3.5 adds a cap...
CVE-2023-6846 File Manager Pro <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Upload
The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server...
CVE-2024-0761 File Manager <= 7.2.1 - Sensitive Information Exposure via Backup Filenames
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract...