515 matches found
CVE-2025-52903
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions on the 2.x branch prior to 2.33.10, the Command Execution feature of File Browser only allows the execution of shell commands which have be...
Arbitrary Command Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...
CVE-2025-52904
CVE-2025-52904 affects Filebrowser (v2.32.0) where the Command Execution feature is not scoped per user, allowing shell commands to run with the server process UID and access files across all scopes, potentially exposing the password database and enabling unauthorized read/write access. The repor...
CVE-2025-52904 File Browser: Command Execution not Limited to Scope
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions of the web application on the 2.x branch, all users have a scope assigned, and they only have access to the files within that scope. The...
CVE-2025-52904 File Browser: Command Execution not Limited to Scope
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0 of the web application, all users have a scope assigned, and they only have access to the files within that scope. The Command...
CVE-2025-52903 File Browser Allows Execution of Shell Commands That Can Spawn Other Commands
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions on the 2.x branch prior to 2.33.10, the Command Execution feature of File Browser only allows the execution of shell commands which have be...
CVE-2025-52903 File Browser Allows Execution of Shell Commands That Can Spawn Other Commands
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0, the Command Execution feature of File Browser only allows the execution of shell commands which have been predefined on a...
CVE-2025-52903
CVE-2025-52903 affects the open-source web file browser project File Browser (filebrowser/filebrowser), specifically version 2.32.0. The issue stems from the Command Execution feature, which is intended to run only predefined shell commands, but can be exploited to run arbitrary subcommands, effe...
CVE-2025-52900
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the...
CVE-2025-52902
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site Scripting (XSS). Any JavaScript code that is part of a...
CVE-2025-52902 File Browser has Stored Cross-Site Scripting vulnerability
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site Scripting (XSS). Any JavaScript code that is part of a...
CVE-2025-52902
CVE-2025-52902 concerns the open‑source File Browser project, where the Markdown preview feature in versions before 2.33.7 is vulnerable to Stored Cross‑Site Scripting (XSS). If a user uploads a Markdown file containing JavaScript, the code can be executed when another user previews the file. The...
CVE-2025-52900 File Browser has Insecure File Permissions
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the...
CVE-2025-52900
Summary: CVE-2025-52900 affects the File Browser project. On servers running versions prior to 2.33.7, the application does not explicitly set permissions for uploaded/created files and its database, so file access is governed by the system umask. This can allow all OS accounts on the server to r...
PT-2025-26978
Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.33.7. Description: The Markdown preview function of File Browser is vulnerable to Stored Cross-Site Scripting (XSS). Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the...