3141 matches found
CVE-2023-4480
CVE-2023-4480 describes an out-of-date dependency in the Fusion File Manager (admin panel) that allows a crafted request to read arbitrary system files and write files to arbitrary locations, constrained by mime-type and file extension validation. The vulnerability affects the Fusion File Manager...
CVE-2023-4480 Arbitrary File Read in Fusion File Manager
Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write fil...
CVE-2023-3814
The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server...
Code injection
The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server...
CVE-2023-3814 Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access
The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server...
PT-2023-26320 · WordPress · Advanced File Manager
Name of the Vulnerable Software and Affected Versions: Advanced File Manager WordPress plugin versions prior to 5.1.1 Description: The issue allows site admin users to list and read arbitrary files and folders on the server due to inadequate authorization on multisite installations...
WordPress plugin Advanced File Manager Access Control Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. An Access Control Error vulnerability previously existed...
CVE-2023-41163
A Reflected Cross-site scripting XSS vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down...
Webmin Usermin Cross-Site Scripting Vulnerability
Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail, and more. A security vulnerability in Webmin Usermin version 2.000, which originates from a cross-site scripting XSS vulnerability in the File Manager tab, allows remote...
PT-2023-27839 · Usermin · Usermin
Name of the Vulnerable Software and Affected Versions: Usermin version 2.000 Description: A Reflected Cross-site scripting XSS issue in the file manager tab allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools...
CVE-2023-41163
CVE-2023-41163 is a reflected XSS vulnerability in the Usermin 2.000 File Manager tab. The issue stems from the replace in results field under the tools drop-down, which allows an attacker to inject arbitrary web script/HTML when rendering results. Affected software: Usermin 2.000 (File Manager t...
CVE-2023-24517
Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make use of this issue unrestricted file upload to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms...
Unrestricted file upload
Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make use of this issue unrestricted file upload to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms...
CVE-2023-24517
Summary: CVE-2023-24517 affects the Pandora FMS File Manager component, enabling an unrestricted file upload that can be used to execute arbitrary system commands. Affected versions include Pandora FMS prior to 7.67 (notably v7.67 is cited as the fixed version). Root cause described in PT Securit...
Artica Pandora FMS Code Issue Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS due to an unrestricted upload of dangerous types of files...