
70 matches found

CVE
added 2019/04/15 8:37 p.m. · 57 views

CVE-2018-16966

CVE-2018-16966 concerns the WordPress plugin “mndpsingh287 File Manager” (v3.0) where a CSRF vulnerability exists via the page=wp_file_manager_root public_path parameter. The issue allows an attacker to trigger actions on behalf of a logged-in user (requires user interaction per CVSS3) without au...

8.8 CVSS · 8.6 AI score · 0.00173 EPSS
Exploits: 2 · References: 3 · Affected Software: 1
OSV
added 2019/02/11 2:29 a.m. · 1 views

CVE-2018-20775

admin/?/plugin/filemanager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI...

7.2 CVSS · 6.2 AI score
Exploits: 0 · References: 1
NVD
added 2018/09/07 10:29 p.m. · 9 views

CVE-2018-16363

The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in filefoldermanager.php and there is an echo of lang in lib\wpfilemanager.php...

5.4 CVSS · 5.4 AI score · 0.00405 EPSS
Exploits: 2 · References: 4
Positive Technologies
added 2018/09/07 12:0 a.m. · 3 views

PT-2018-13518 · Mndpsingh287 · Wp File Manager

Name of the Vulnerable Software and Affected Versions: mndpsingh287 File Manager plugin version 2.9. Description: The issue concerns a cross-site scripting (XSS) problem. It occurs via the lang parameter in a "wp-admin/admin.php?page=wp_file_manager" request. This happens because set_transient is us...

5.4 CVSS · 5.5 AI score · 0.00405 EPSS
Exploits: 2 · References: 6
WPVulnDB
added 2018/03/02 12:0 a.m. · 13 views

File Manager <= 5.0.0 - Information Disclosure

The Giribaz File Manager plugin logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents are added to that log file, which is not protected, so it ends up containing database credentials, salts, etc. These files...

5 CVSS · 0.4 AI score · 0.00745 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2017/09/08 10:29 a.m. · 11 views

CVE-2017-11611

Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/filemanager/" script aka an...

5.4 CVSS · 5.8 AI score
Exploits: 0 · References: 1
WPVulnDB
added 2015/06/10 12:0 a.m. · 8 views

N-Media File Uploader <= 3.7 - Arbitrary File Upload

The Frontend File Manager Plugin WordPress plugin was affected by an Arbitrary File Upload security vulnerability...

2.9 AI score
Exploits: 0 · References: 1 · Affected Software: 1
exploitpack
added 2014/07/06 12:0 a.m. · 7 views

Frog CMS 0.9.5 - Arbitrary File Upload

Frog CMS 0.9.5 - Arbitrary File Upload Exploit Title: Arbitrary File Upload in Frog CMS 0.9.5 Date : 2014-07-07 Exploit Author : Javid Hussain Vendor Homepage : http://www.madebyfrog.com Exploit-DB Note: All authenticated users can upload files. If the file does not have execute permissions the C...

0.5 AI score
Exploits: 0
exploitpack
added 2012/06/08 12:0 a.m. · 22 views

WordPress Plugin Front File Manager 0.1 - Arbitrary File Upload

WordPress Plugin Front File Manager 0.1 - Arbitrary File Upload Exploit Title: Wordpress front file manager 0.1 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/front-file-manager/ Date: 07/06/2012 Exploit Author: Adrien Thierry adrien dot thierryfr at gmail dot com Vendor Homepage:...

0.6 AI score
Exploits: 0
exploitpack
added 2010/07/11 12:0 a.m. · 12 views

Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities

Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities Date: Sun 11 Jul 2010 10:22:48 AM EEST Vendor: http://www.madebyfrog.com/ Download: http://www.madebyfrog.com/public/download/files/frog095.tar.gz --- -= CSRF PoC 1 - Create Admin User =- Frog CMS 0.9.5 Multiple CSRF...

0.9 AI score
Exploits: 0