3141 matches found
CVE-2023-29657
CVE-2023-29657 affects eXtplorer 2.1.15. The vulnerability arises from insecure permissions in the file manager’s upload feature, allowing a ZIP containing PHP pages to be uploaded and executed, leading to arbitrary code execution. Impact is described as high (C: High, I: High, A: High) with netw...
kodbox Cross-Site Scripting Vulnerability
kodbox is a web file manager. kodbox 1.37 and earlier versions are vulnerable to cross-site scripting (XSS) attacks via debugging messages...
Directory Traversal
contao/contao and contao/core-bundle are vulnerable to Directory Traversal. The vulnerability exists in DCFolder.php which allows an attacker to list files outside the document root in the file manager...
PHPFusion 9.10.30 Cross Site Scripting
Exploit Title: PHPFusion 9.10.30 - Stored Cross-Site Scripting XSS Application: PHPFusion Version: 9.10.30 Bugs: XSS Technology: PHP Vendor URL: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/ Date of found: 28-04-2023 Author: Mirabbas Ağalarov...
PHPFusion 9.10.30 - Stored Cross-Site Scripting Vulnerability
Exploit Title: PHPFusion 9.10.30 - Stored Cross-Site Scripting XSS Application: PHPFusion Version: 9.10.30 Bugs: XSS Technology: PHP Vendor URL: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/ Date of found: 28-04-2023 Author: Mirabbas Ağalarov...
PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS)
Exploit Title: PHPFusion 9.10.30 - Stored Cross-Site Scripting XSS Application: PHPFusion Version: 9.10.30 Bugs: XSS Technology: PHP Vendor URL: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/ Date of found: 28-04-2023 Author: Mirabbas Ağalarov...
WordPress Bit File Manager Plugin <= 5.2.7 is vulnerable to PHP Object Injection
Software: Bit File Manager. Type: Plugin. Vulnerable versions: <= 5.2.7. Fixed in: 6.0.0. OWASP Top 10: A1: Injection. Classification: PHP Object Injection. CVE: CVE-2022-47599. Patch priority: Low. CVSS severity: Low (5.5). PSID: 73c858fcfca7. Credits: rezaduty. Required privilege: Administrator...
GHSA-FP7Q-XHHW-6RJ3 Path traversal vulnerability in the file manager
Impact: Authenticated users in the back end can list files outside the document root in the file manager. Patches: Update to Contao 4.9.40, 4.13.21 or 5.1.4. Workarounds: None. References: https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager For more information: If you ha...
Path traversal vulnerability in the file manager
Impact: Authenticated users in the back end can list files outside the document root in the file manager. Patches: Update to Contao 4.9.40, 4.13.21 or 5.1.4. Workarounds: None. References: https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager For more information: If you ha...
CVE-2023-29200
Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao...
Design/Logic Flaw
Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao...
CVE-2023-29200 contao/core-bundle has path traversal vulnerability in the file manager
Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao...
Directory traversal vulnerability in the file manager
More info at https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html...
Directory traversal in the file manager
Date : 2023-04-25 CVE ID : CVE-2023-29200 Authenticated users in the back end can list files outside the document root in the file manager. However, it is not possible to read the contents of these files. Thanks to Daniel Barros for reporting the problem. Affected versions Contao 4.0 Contao 4.1...
Contao Path Traversal Vulnerability
Contao is an open source content management system (CMS) developed using PHP. The system supports search engines, rights management and CSS frameworks. A path traversal vulnerability exists in Contao versions prior to 4.9.40, 4.13.21, and 5.1.4. An attacker exploiting this vulnerability could list...
flatnux 2021-03.25 Remote Code Execution
Exploit Title: flatnux-2021-03.25 - Remote Code Execution Authenticated Exploit Author: Ömer Hasan Durmuş Vendor Homepage: https://en.altervista.org Software Link: http://flatnux.altervista.org/flatnux.html Version: 2021-03.25 Tested on: Windows/Linux POST...
WordPress WP-file-manager v6.9 Plugin - Unauthenticated Arbitrary File Upload Exploit
!/usr/bin/env Exploit Title: WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE Date: 22-01-2023 Exploit Author: BLY Vendor Homepage: https://wpscan.com/vulnerability/10389 Version: File Manager plugin 6.0-6.9 Tested on: Debian CVE : CVE-2020-25213 import...
WordPress File Manager 6.9 Shell Upload
!/usr/bin/env Exploit Title: WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE Date: 22-01-2023 Exploit Author: BLY Vendor Homepage: https://wpscan.com/vulnerability/10389 Version: File Manager plugin 6.0-6.9 Tested on: Debian CVE : CVE-2020-25213 import...