Lucene search

3118 matches found

CVE
added 2025/08/04 6:4 p.m. · 22 views

CVE-2013-10054

CVE-2013-10054 affects LibrettoCMS (1.1.7 and possibly earlier) via the File Manager plugin. The upload handler at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php does not properly validate file extensions, allowing unauthenticated upload of files that can be renamed to executable .php s...

9.3 CVSS · 7.7 AI score · 0.83833 EPSS
Exploits: 0 · References: 5

CNNVD
added 2025/08/04 12:0 a.m. · 2 views

Sourceforge LibrettoCMS Security Vulnerability

Sourceforge LibrettoCMS is an open source content management system from Sourceforge. A security vulnerability exists in Sourceforge LibrettoCMS 1.1.7 and earlier versions, which stems from a file manager plugin that does not properly validate file extensions, and could lead to remote code...

9.3 CVSS · 7.7 AI score · 0.83833 EPSS
Exploits: 0 · References: 6

Packet Storm
added 2025/08/04 12:0 a.m. · 82 views

📄 Malicious XDG Desktop File

This Metasploit module creates a malicious XDG Desktop .desktop file. On most modern systems, desktop files are not trusted by default. The user will receive a warning prompt that the file is not trusted when running the file, but may choose to run the file anyway. The default file manager...

7.2 AI score
Exploits: 0

RedhatCVE
added 2025/07/27 8:32 a.m. · 3 views

CVE-2023-7306

The Frontend File Manager Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpfm_delete_multiple_files function in all versions up to, and including, 21.5. This makes it possible for unauthenticated attackers to delete arbitrary posts...

7.5 CVSS · 7.1 AI score · 0.00391 EPSS
Exploits: 0 · References: 1

NVD
added 2025/07/25 9:15 a.m. · 3 views

CVE-2023-7306

The Frontend File Manager Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpfm_delete_multiple_files function in all versions up to, and including, 21.5. This makes it possible for unauthenticated attackers to delete arbitrary posts...

7.5 CVSS · 0.00391 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2025/07/25 8:22 a.m. · 2 views

CVE-2023-7306 Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The Frontend File Manager Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpfm_delete_multiple_files function in all versions up to, and including, 21.5. This makes it possible for unauthenticated attackers to delete arbitrary posts...

7.5 CVSS · 6.5 AI score · 0.00391 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/07/25 8:22 a.m. · 8 views

CVE-2023-7306 Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The Frontend File Manager Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpfm_delete_multiple_files function in all versions up to, and including, 21.5. This makes it possible for unauthenticated attackers to delete arbitrary posts...

7.5 CVSS · 0.00391 EPSS
Exploits: 0 · References: 2

CVE
added 2025/07/25 8:22 a.m. · 18 views

CVE-2023-7306

The CVE-2023-7306 entry concerns the Frontend File Manager Plugin for WordPress (versions up to 21.5). The vulnerability is caused by a missing capability check in wpfm_delete_multiple_files(), enabling unauthenticated attackers to delete arbitrary posts and cause data loss. The issue is confirme...

7.5 CVSS · 6.3 AI score · 0.00391 EPSS
Exploits: 0 · References: 2

CNNVD
added 2025/07/25 12:0 a.m. · 2 views

WordPress plugin Frontend File Manager Plugin Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.5 CVSS · 6.4 AI score · 0.00391 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2025/07/25 12:0 a.m. · 4 views

PT-2025-30738 · WordPress · Frontend File Manager Plugin

Name of the Vulnerable Software and Affected Versions: Frontend File Manager Plugin for WordPress versions prior to 21.5 Description: The plugin is susceptible to unauthorized data loss due to a missing capability check within the wpfm_delete_multiple_files function. This allows unauthenticated...

7.5 CVSS · 6.6 AI score · 0.00391 EPSS
Exploits: 0 · References: 5

RedhatCVE
added 2025/07/19 1:6 p.m. · 7 views

CVE-2025-5345

Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's storage with system-lev...

6.3 CVSS · 7.2 AI score · 0.00129 EPSS
Exploits: 0 · References: 1

Snyk
added 2025/07/18 3:31 p.m. · 4 views

Arbitrary File Upload

Overview simogeo/filemanager is an open-source file manager. This package is DEPRECATED. Affected versions of this package are vulnerable to Arbitrary File Upload via the isallowedfiletype function. An attacker can achieve remote code execution by uploading a specially crafted PHP file. Remediati...

9.8 CVSS · 8.2 AI score · 0.01447 EPSS
Exploits: 1 · References: 2

NVD
added 2025/07/17 1:15 p.m. · 5 views

CVE-2025-5345

Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's storage with system-lev...

6.3 CVSS · 0.00129 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/07/17 12:0 a.m. · 2 views

PT-2025-29906 · Unknown · Bluebird Devices

Name of the Vulnerable Software and Affected Versions: Bluebird devices version 1.4.4 Bluebird devices version 1.3.6 Description: Bluebird devices contain a pre-loaded file manager application that exposes an unsecured service provider com.bluebird.system.koreanpost.IsdcardRemoteService. A local...

8.5 CVSS · 6.5 AI score · 0.00129 EPSS
Exploits: 0 · References: 4

CNNVD
added 2025/07/17 12:0 a.m. · 2 views

Bluebird Security Vulnerability

Bluebird is an application from Bluebird South Korea that is used to lock a device into a dedicated mode, restricting a user's access to only specified features or applications. A security vulnerability exists in Bluebird version 1.4.4, which stems from the File Manager application exposing an...

8.5 CVSS · 6.5 AI score · 0.00129 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/07/15 12:0 a.m. · 1 views

FileBrowser Security Vulnerability

FileBrowser is an open source web file browser. Provides a file management interface in a specified directory, can be used to upload, delete, preview, rename and edit your files. FileBrowser has a security vulnerability that stems from a flaw in the authentication system that can be exploit...

9.8 CVSS · 6.7 AI score · 0.0059 EPSS
Exploits: 1 · References: 3

RedhatCVE
added 2025/07/12 7:24 p.m. · 13 views

CVE-2025-34100

An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upload operations, allowing an attacker to...

9.3 CVSS · 8.5 AI score · 0.7935 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2025/07/10 7:16 p.m. · 4 views

CVE-2025-34100 BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload

An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upload operations, allowing an attacker to...

9.3 CVSS · 8.6 AI score · 0.7935 EPSS
Exploits: 1 · References: 4

NVD
added 2025/07/07 3:15 a.m. · 4 views

CVE-2025-7108

A vulnerability classified as critical was found in risesoft-y9 Digital-Infrastructure up to 9.6.7. Affected by this vulnerability is the function deleteFile of the file...

5.5 CVSS · 0.00282 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/07/06 9:7 a.m. · 5 views

CVE-2025-27358

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Code Injection. This issue affects Frontend File Manager: from n/a through = 23.6...

4.6 CVSS · 5.9 AI score · 0.0015 EPSS
Exploits: 0 · References: 1