3143 matches found
Design/Logic Flaw
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files...
CVE-2018-18061
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files...
Responsive Filemanager 9.8.1 Authentication Bypass
I. VULNERABILITY: Responsive Filemanager 9.8.1 Authentication Bypass; II. CVE REFERENCE: CVE-2018-18061; III. VENDOR: https://www.responsivefilemanager.com; IV. REFERENCES: ...
Elefant CMS Code Execution Vulnerability
Elefant CMS is a PHP-based content management system (CMS). The system includes features such as an events calendar, contact form, social media integration and member login. A security vulnerability exists in the apps/filemanager/upload/drop.php file in Elefant CMS versions prior to 2.0.7. An...
Synametrics SynaMan Cross-Site Scripting Vulnerability
Synametrics SynaMan is a remote file manager from Synametrics Technologies, USA. A cross-site scripting vulnerability in Synametrics SynaMan version 4.0 build 1488 can be exploited by a remote attacker to inject arbitrary web script or HTML via the Main heading or Sub heading fields in the Partia...
File Manager < 3.1 - CSRF to Stored Cross-Site Scripting
The plugin is lacking CSRF as well as sanitisation checks, allowing attackers to perform CSRF attacks against logged in administrators and set an XSS payload in the publicpath setting. PoC...
File Manager < 3.1 - CSRF to Stored Cross-Site Scripting
The plugin is lacking CSRF as well as sanitisation checks, allowing attackers to perform CSRF attacks against logged in administrators and set an XSS payload in the publicpath setting...
WordPress mndpsingh287 File Manager plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports personal blog sites hosted on PHP and MySQL servers. mndpsingh287 File Manager is a file management plugin for it. A cross-site scripting vulnerability exists in t...
WordPress File Manager plugin <= 2.9 - Authenticated Cross-Site Scripting (XSS) vulnerability
An authenticated cross-site scripting (XSS) vulnerability was found by ly55521 in WordPress File Manager plugin versions <= 2.9. Solution: update the WordPress File Manager plugin to the latest available version (at least 3.0)...
CVE-2018-16363
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php...
CVE-2018-16363
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php...
Cross site request forgery (csrf)
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php...
CVE-2018-16363
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php...
CVE-2018-16363
CVE-2018-16363 affects the WordPress plugin mndpsingh287 File Manager (v2.9) and is triggered via the lang parameter in the admin interface (wp-admin/admin.php?page=wp_file_manager). The root cause is the use of set_transient in file_folder_manager.php and an echo of the lang value in lib/wpfilem...
PT-2018-13518 · Mndpsingh287 · Wp File Manager
Name of the Vulnerable Software and Affected Versions: mndpsingh287 File Manager plugin version 2.9. Description: The issue concerns a cross-site scripting (XSS) problem. It occurs via the lang parameter in a "wp-admin/admin.php?page=wp_file_manager" request. This happens because set_transient is us...
File Manager < 3.0 - Authenticated Reflected Cross-Site Scripting (XSS)
Lack of sanitisation in the lang parameter in the admin dashboard could allow an attacker to perform reflected XSS attacks against logged-in administrators. PoC: https://example.com/wp-admin/admin.php?page=wp_file_manager&lang=zhCNalertXSS...
File Manager < 3.0 - Authenticated Reflected Cross-Site Scripting (XSS)
Lack of sanitisation in the lang parameter in the admin dashboard could allow an attacker to perform reflected XSS attacks against logged-in administrators. https://example.com/wp-admin/admin.php?page=wp_file_manager&lang=zhCNalertXSS...
Design/Logic Flaw
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/filemanager/save...
CVE-2018-16373
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/filemanager/save...
CVE-2018-16373
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/filemanager/save...