3141 matches found

OSV
added 2021/11/23 5:54 p.m. · 18 views

GHSA-G3P2-HFQR-9M25 Improper file handling in concrete5/core

A bypass of adding remote files in Concrete CMS previously concrete5 File Manager leads to remote code execution in Concrete CMS concrete5 versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored ...

CVSS 7.2 · AI score 7.5 · EPSS 0.03132
Exploits 1 · References 4
NVD
added 2021/11/19 7:15 p.m. · 10 views

CVE-2021-22968

A bypass of adding remote files in Concrete CMS previously concrete5 File Manager leads to remote code execution in Concrete CMS concrete5 versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored i...

CVSS 7.2 · EPSS 0.03132
Exploits 1 · References 2
NVD
added 2021/11/19 7:15 p.m. · 35 views

CVE-2021-22951

Unauthorized individuals could view password protected files using viewinline in Concrete CMS previously concrete 5 prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in viewinline and, if it does, the file is not rendered. For version 8.5.6, the following mitigations...

CVSS 7.5 · EPSS 0.01075
Exploits 0 · References 2
Prion
added 2021/11/19 7:15 p.m. · 12 views

Design/Logic Flaw

A bypass of adding remote files in Concrete CMS previously concrete5 File Manager leads to remote code execution in Concrete CMS concrete5 versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored i...

CVSS 6.5 · AI score 7.4 · EPSS 0.03132
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2021/11/19 6:11 p.m. · 30 views

CVE-2021-22968

A bypass of adding remote files in Concrete CMS previously concrete5 File Manager leads to remote code execution in Concrete CMS concrete5 versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored i...

AI score 7.9 · EPSS 0.03132
Exploits 1 · References 2
Positive Technologies
added 2021/11/19 12:0 a.m. · 2 views

PT-2021-15303 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 8.5.6 and below Description: A bypass in the Concrete CMS File Manager leads to remote code execution. The external file upload feature stages files in the public directory even if they have disallowed file extensions,...

CVSS 7.2 · AI score 7.3 · EPSS 0.03132
Exploits 1 · References 7
CNVD
added 2021/11/04 12:0 a.m. · 15 views

Mahara Path Traversal Vulnerability

Mahara is a social networking system. The system includes a blog, resume builder, file manager, and more. Mahara suffers from a security vulnerability that allows an attacker to bypass the intended access control on HTML files through directory traversal...

CVSS 3.3 · AI score 4.3 · EPSS 0.00542
Exploits 1 · References 1
NVD
added 2021/11/03 12:15 p.m. · 25 views

CVE-2021-36697

With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP...

CVSS 6.7 · EPSS 0.00357
Exploits 1 · References 3
OSV
added 2021/11/03 12:15 p.m. · 4 views

CVE-2021-36697

With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP...

CVSS 6.7 · AI score 6.7
Exploits 0 · References 3
Prion
added 2021/11/03 12:15 p.m. · 27 views

Design/Logic Flaw

With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP...

CVSS 4.6 · AI score 6.6 · EPSS 0.00357
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2021/11/03 11:33 a.m. · 28 views

CVE-2021-36697

With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP...

AI score 6.9 · EPSS 0.00357
Exploits 1 · References 3
CVE
added 2021/11/03 11:33 a.m. · 40 views

CVE-2021-36697

CVE-2021-36697 affects Artica Pandora FMS

CVSS 6.7 · AI score 6.6 · EPSS 0.00357
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2021/11/03 12:0 a.m. · 6 views

Artica Pandora FMS Injection Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS 755 and earlier versions, which stems from the fact that .htaccess...

CVSS 6.7 · AI score 6.5 · EPSS 0.00357
Exploits 1 · References 3
CISA KEV Catalog
added 2021/11/03 12:0 a.m. · 76 views

WordPress File Manager Plugin Remote Code Execution Vulnerability

WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site...

CVSS 10 · AI score 9.8 · EPSS 0.97328
In wild · Exploits 14
CNVD
added 2021/10/18 12:0 a.m. · 17 views

ECOA BAS controller path traversal vulnerability

Ecoa Bas controller is a building automation controller from Ecoa Technologies Corp. in China. A path traversal vulnerability exists in Ecoa Bas controller, which can be exploited by attackers to compromise the device directory content by using the GET parameter in the file manager...

CVSS 5 · AI score 4.5 · EPSS 0.79441
Exploits 1 · Affected Software 2
OSV
added 2021/10/11 7:15 p.m. · 1 views

CVE-2021-40188

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server...

CVSS 7.2 · AI score 6
Exploits 0 · References 1
NVD
added 2021/10/11 7:15 p.m. · 11 views

CVE-2021-40188

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server...

CVSS 7.2 · EPSS 0.01256
Exploits 1 · References 1
Prion
added 2021/10/11 7:15 p.m. · 19 views

Privilege escalation

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server...

CVSS 6.5 · AI score 7.2 · EPSS 0.01256
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2021/10/11 12:0 a.m. · 3 views

Phpfusion Code Issue Vulnerability

PHPFusion is a lightweight open source content management system. An arbitrary file upload vulnerability exists in PHPFusion version 9.03.110. The vulnerability stems from the File Manager feature in the admin panel not filtering PHP extensions. An attacker can exploit this vulnerability to uploa...

CVSS 7.2 · AI score 7.6 · EPSS 0.01256
Exploits 1 · References 1
CNNVD
added 2021/10/05 12:0 a.m. · 4 views

Afian FileRun Injection Vulnerability

Afian FileRun is a full-featured web-based file manager. A security vulnerability exists in Afian FileRun 2021.03.26 that allows remote code execution...

CVSS 7.2 · AI score 7.5 · EPSS 0.0273
Exploits 1 · References 3