CVE-2022-45475

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control...

CVE-2022-45476

Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload...

CVE-2022-25401

The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files...

CVE-2022-25104

HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/...

The vulnerability of the Adobe Bridge file manager, related to a countable loss of significance, allows an attacker to execute arbitrary code.

The vulnerability of the Adobe Bridge file manager is related to a countable loss of significance. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

PT-2025-22818 · Unknown · Tiny File Manager

Name of the Vulnerable Software and Affected Versions: TinyFileManager version 2.4.7 Description: A stored cross-site scripting XSS issue in the /tinyfilemanager.php component allows attackers to execute arbitrary JavaScript or HTML by injecting a crafted payload into the js-theme-3 parameter. Th...

The vulnerability of the Adobe Bridge file manager, related to access to an uninitialized pointer, allows a attacker to execute arbitrary code.

The vulnerability of the Adobe Bridge file manager is related to access to an uninitialized pointer. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVE-2022-2356

The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded...

CVE-2022-3125

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...

CVE-2022-3126

The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf...

CVE-2021-45010

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot, leading to code execution...

CVE-2021-4369

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. This is due to lacking authorization protections, checks against users editing other's posts, and lacking a security nonce, all on the wpfmeditfiletitledesc AJ...

CVE-2021-4359

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfmdeletefile AJAX action. This makes it possible for...

CVE-2021-4351

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfmfilemetaupdate AJAX action. This makes it possible for...

CVE-2021-22968

A bypass of adding remote files in Concrete CMS previously concrete5 File Manager leads to remote code execution in Concrete CMS concrete5 versions 8.5.6 and below.The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored i...

CVE-2021-24177

In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wpfilemanagerproperties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response...

CVE-2021-20651

Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors...

CVE-2021-4344

The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access th...

CVE-2021-32161

A Cross-Site Scripting XSS vulnerability exists in Webmin 1.973 through the File Manager feature...

CVE-2021-32162

A Cross-site request forgery CSRF vulnerability exists in Webmin 1.973 through the File Manager feature...