Frontend File Manager < 21.4 - Arbitrary Settings Update via CSRF
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. As the plugin does not validate the allowed file types, this could lead to attackers making admins allow PHP files to be uploaded by any...
Google KFM Cross-Site Scripting Vulnerability
Google KFM is an AJAX file browser and manager from Google, Inc. A security vulnerability exists in Google KFM that stems from a cross-site scripting (XSS) vulnerability that can be triggered via a crafted GET request to /kfm/index.php...
Owlfiles File Manager 12.0.1 Path Traversal / Local File Inclusion Vulnerabilities
Exploit Title: Owlfiles File Manager 12.0.1 - multiple vulnerabilities Exploit Author: Chokri Hammedi Vendor Homepage: https://www.skyjos.com/ Software Link: https://apps.apple.com/us/app/owlfiles-file-manager/id510282524 Version: 12.0.1 Tested on: iOS 16.0 path traversal on HTTP built-in server GET...
Owlfiles File Manager 12.0.1 Path Traversal / Local File Inclusion
Exploit Title: Owlfiles File Manager 12.0.1 - multiple vulnerabilities Date: Sep 19, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.skyjos.com/ Software Link: https://apps.apple.com/us/app/owlfiles-file-manager/id510282524 Version: 12.0.1 Tested on: iOS 16.0 path traversal on HTTP...
PT-2022-5044 · Adobe · Bridge
Name of the Vulnerable Software and Affected Versions: Adobe Bridge versions prior to 12.0.2 Adobe Bridge versions prior to 11.1.3 Description: The issue is related to an out-of-bounds write vulnerability in the file manager. This could allow an attacker to execute arbitrary code with the help of...
CVE-2022-38296
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager...
Design/Logic Flaw
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager...
CVE-2022-38296
CVE-2022-38296 (Cuppa CMS v1.0): The connected sources confirm an arbitrary file upload vulnerability via the File Manager. Nuclei indicates the impact could be remote code execution on the affected system. The CVE entry lists a 9.8 CVSS v3.1 score. Remediation guidance in the connected document...
PT-2022-24346 · Cuppacms · Cuppacms
Name of the Vulnerable Software and Affected Versions: Cuppa CMS version 1.0 Description: The issue is related to an arbitrary file upload vulnerability via the File Manager. This allows for potential malicious file uploads. Recommendations: For Cuppa CMS version 1.0, consider disabling the File...
CuppaCMS Code Issue Vulnerability
CuppaCMS is a content management system (CMS). A security vulnerability exists in CuppaCMS v1.0, which stems from an arbitrary file upload vulnerability via the included file manager...
AirDisk 7.5.5 Cross Site Scripting Vulnerability
Exploit Title: AirDisk 7.5.5 File Manager Stored XSS Exploit Author: Chokri Hammedi Vendor Homepage: https://apps.apple.com/us/developer/felix-yew/id505904424 Software Link: https://apps.apple.com/us/app/airdisk-file-manager/id566530748 Version: 7.5.5 Tested on: iPhone iOS 15.6 1/ Starting the...
AirDisk 7.5.5 Cross Site Scripting
Exploit Title: AirDisk 7.5.5 File Manager Stored XSS Date: Sep 8, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://apps.apple.com/us/developer/felix-yew/id505904424 Software Link: https://apps.apple.com/us/app/airdisk-file-manager/id566530748 Version: 7.5.5 Tested on: iPhone iOS 15.6 ...
Frontend File Manager < 21.3 - Unauthenticated File Renaming
The plugin allows any unauthenticated user to rename files uploaded by users. Furthermore, due to the lack of validation of the destination filename, this could allow them to change the content of arbitrary files on the web server curl -i -s -k -X 'POST' --data-binary...
WordPress Frontend File Manager plugin <= 21.2 - Unauthenticated File Renaming vulnerability
Unauthenticated File Renaming vulnerability discovered by Raad Haddad (Cloudyrion GmbH) in WordPress Frontend File Manager plugin versions <= 21.2. Solution: Update the WordPress Frontend File Manager plugin to the latest available version (at least 21.3)...
Frontend File Manager < 21.3 - Unauthenticated File Renaming
The plugin allows any unauthenticated user to rename files uploaded by users. Furthermore, due to the lack of validation of the destination filename, this could allow them to change the content of arbitrary files on the web server PoC curl -i -s -k -X 'POST' --data-binary...
Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload
The plugin allows any authenticated user, such as a subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to upload arbitrary files to the server and achieve RCE PoC 1. Navigate to the page where the ffmwp shortcode is included as Subscriber 2...