3142 matches found
CVE-2020-26048
The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file with an image extension and then, through a custom request using the rename function provided by the file manager, change the image extension to PHP, resulting in remote...
Design/Logic Flaw
The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file with an image extension and then, through a custom request using the rename function provided by the file manager, change the image extension to PHP, resulting in remote...
WordPress File Manager Plugin Remote Code Execution (CVE-2020-25213)
A remote code execution vulnerability exists in WordPress File Manager Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
A vulnerability in the RMI file manager ESMPRO Manager allows an attacker to execute arbitrary code.
A vulnerability in the RMI file manager ESMPRO Manager is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2019-14758
An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email to the victim that will inject HTML into the File Manager application assuming the victim chooses to download th...
Design/Logic Flaw
An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email to the victim that will inject HTML into the File Manager application assuming the victim chooses to download th...
CVE-2019-14758
CVE-2019-14758 affects KaiOS 2.5 and 2.5.1. The pre-installed File Manager is vulnerable to HTML/JavaScript injection when a victim opens a file received via email and downloaded. The issue can let an attacker take control of the File Manager UI (for example, showing a malicious prompt to harvest...
WordPress wp-file-manager Arbitrary File Upload Vulnerability
WordPress is a blogging platform developed using the PHP language. WordPress wp-file-manager has an arbitrary file upload vulnerability that can be exploited by a remote attacker to submit a special request, upload arbitrary PHP files, and execute arbitrary code...
WordPress Plugin 'File Manager' elFinder Remote Code Execution
Binary data wordpresspluginwpfilemanagerelfinderrce.nbin...
CVE-2020-25213
The File Manager wp-file-manager plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload or mkfile and p...
Command injection
The File Manager wp-file-manager plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload or mkfile and p...
PT-2020-6318
Name of the Vulnerable Software and Affected Versions: wp-file-manager plugin versions prior to 6.9. Description: The issue allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This allows attackers ...
CVE-2020-25213
CVE-2020-25213 affects the WordPress WP-File-Manager plugin (versions 6.0–6.8; remediation to 6.9+). Root cause: renaming an unsafe elFinder connector file to .php allowed unauthenticated remote code execution via the plugin’s file-upload mechanism, enabling commands to write PHP into wp-content/...
File Manager Plugin for WordPress < 6.9 Remote Code Execution
The WordPress File Manager Plugin installed on the remote host is affected by a remote code execution vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...