3143 matches found
CVE-2020-24312
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fmbackups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken...
CVE-2020-24312
Summary: WordPress File Manager (wp-file-manager) plugin versions ≤ 6.4 are vulnerable to a backup disclosure due to failing to restrict access to the fm_backups directory via .htaccess, allowing unauthenticated users to browse/download site backups (potentially full database backups). Root cause...
WordPress File Manager plugin <= 6.4 - Backup File Directory Listing vulnerability
Backup File Directory Listing vulnerability found by zerodetail & ratherbland in WordPress File Manager plugin versions <= 6.4. Solution: Update the WordPress File Manager plugin to the latest available version (at least 6.5)...
Exploit for Unrestricted Upload of File with Dangerous Type in Webdesi9 File_Manager
CVE-2020-25213 wp-file-manager 6.7 20th Aug 2020 Wordpress...
Cross site scripting
PRODUCT NOT SUPPORTED WHEN ASSIGNED. A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no...
PT-2020-13860 · Codiad · Codiad
Name of the Vulnerable Software and Affected Versions: Codiad versions 1.7.8 and later. Description: A Cross Site Scripting (XSS) issue was found due to improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. The vendor states that Codiad is no long...
CMS Made Simple Code Issue Vulnerability
CMS Made Simple (CMSMS) is an open source content management system (CMS) from the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A security vulnerability exists in CMS Made Simple version...
CMS Made Simple <= 2.2.15 Arbitrary File Upload Vulnerability
CMS Made Simple is prone to an arbitrary file upload vulnerability.
CVE-2020-17462
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798...
Design/Logic Flaw
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798...
CVE-2020-17462
CMS Made Simple 2.2.14 is affected by an authenticated arbitrary file upload vulnerability in the File Manager due to not blocking .ptar files, a related issue to CVE-2017-16798. Multiple sources (NVD/CVE records, OpenVAS listing) note the issue affects 2.2.14 and, per OpenVAS, also 2.2.15 and ea...
CMS Made Simple 2.2.14 Shell Upload
Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated | Google Dork: - | Date: 2020-07-29 | Exploit Author: Roel van Beurden | Vendor Homepage: https://www.cmsmadesimple.org/ | Software Link: http://s3.amazonaws.com/cmsms/downloads/14793/cmsms-2.2.14-install.zip | Version: 2.2.14 | Tested...
CMS Made Simple 2.2.14 - Authenticated Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications. Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated | Exploit Author: Roel van Beurden | Vendor Homepage: https://www.cmsmadesimple.org/ | Software Link: http://s3.amazonaws.com/cmsms/downloads/14793/cmsms-2.2.14-install.zip...
CMS Made Simple 2.2.14 - Authenticated Arbitrary File Upload
Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated | Google Dork: - | Date: 2020-07-29 | Exploit Author: Roel van Beurden | Vendor Homepage: https://www.cmsmadesimple.org/ | Software Link: http://s3.amazonaws.com/cmsms/downloads/14793/cmsms-2.2.14-install.zip | Version: 2.2.14 | Tested...
File Manager < 6.5 - Backup File Directory Listing
The File Manager WordPress plugin could expose backup files if the web server had Directory Listing enabled. The File Manager WordPress plugin, version 6.4 and lower, failed to restrict external access to the fmbackups directory with a .htaccess file. This resulted in the ability for...
The vulnerability of the fly-fm file manager is related to an error in data processing through drag-and-drop, which allows a malicious actor to cause a service failure.
The vulnerability of the fly-fm file manager is related to an error in data processing through the drag-and-drop method for manipulating interface elements. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability of the fly-fm file manager arises from an incorrect restriction on the path name to the restricted directory. This allows a malicious actor to gain unauthorized access to confidential data.
The vulnerability of the fly-fm file manager exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to confidential data...