PT-2025-26978

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.33.7 Description: The Markdown preview function of File Browser is vulnerable to Stored Cross-Site-Scripting XSS. Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the...

PT-2025-27006

Name of the Vulnerable Software and Affected Versions: File Browser version 2.32.0 Description: The issue concerns the Command Execution feature in File Browser, which allows the execution of shell commands predefined on a user-specific allowlist. However, many tools can execute arbitrary command...

PT-2025-26977 · Unknown · Filebrowser

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.33.7 Description: The issue arises from File Browser not explicitly setting file access permissions for uploaded or created files, as well as its database. This results in files being readable by any operating...

FileBrowser 安全漏洞

FileBrowser is an open source web file browser . Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser has a command injection vulnerability that can be exploited by an attacker to execute arbitrary...

FileBrowser 安全漏洞

FileBrowser is an open source web file browser . Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser has a command injection vulnerability that can be exploited by an attacker to gain read and write...

FileBrowser 安全漏洞

FileBrowser is an open source web file browser . Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser has a security vulnerability , the vulnerability stems from the file access permissions are not...

CVE-2018-16549

HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter...

CVE-2019-10632

A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user's files...

CVE-2011-4831

Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f encoded dot dot in the file parameter in a download action...

CVE-2015-9349

The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in old" file browser...

CVE-2004-2287

Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. dot dot in the wdir parameter...

PT-2025-27475 · Unknown · Filebrowser

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.34.1 Description: The issue concerns a missing password policy and brute-force protection in the authentication process, making it insecure. Attackers could potentially mount a brute-force attack to retrieve t...

PT-2025-27007 · Unknown · Filebrowser

Name of the Vulnerable Software and Affected Versions: File Browser versions 1.11.0 and earlier, and 2.32.0 through 2.35.0 Description: File Browser provides a file managing interface. The Command Execution feature allows the execution of shell commands without proper scope restrictions,...

PT-2025-27473 · Unknown · Filebrowser

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.33.10 Description: The issue affects the implementation of the allowlist in File Browser, allowing unauthorized execution of shell commands. The impact depends on the configured commands and installed binaries...

CVE-2025-23918

Unrestricted Upload of File with Dangerous Type vulnerability in Enrico Sandoli Smallerik File Browser smallerik-file-browser allows Upload a Web Shell to a Web Server.This issue affects Smallerik File Browser: from n/a through = 1.1...

CVE-2025-23918

Unrestricted Upload of File with Dangerous Type vulnerability in Enrico Sandoli Smallerik File Browser smallerik-file-browser allows Upload a Web Shell to a Web Server.This issue affects Smallerik File Browser: from n/a through = 1.1...

CVE-2025-23918

CVE-2025-23918 concerns Smallerik File Browser, where Unrestricted Upload of File with Dangerous Type could allow an attacker to upload a Web Shell to the server. The initial description confirms the vulnerability exists in Smallerik File Browser versions up to 1.1 (n/a through 1.1). Connected so...

CVE-2025-23918 WordPress Smallerik File Browser plugin <= 1.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Enrico Sandoli Smallerik File Browser smallerik-file-browser allows Upload a Web Shell to a Web Server.This issue affects Smallerik File Browser: from n/a through = 1.1...

CVE-2025-23918 WordPress Smallerik File Browser plugin <= 1.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Enrico Sandoli Smallerik File Browser smallerik-file-browser allows Upload a Web Shell to a Web Server.This issue affects Smallerik File Browser: from n/a through = 1.1...

WordPress plugin Smallerik File Browser 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...