Amaze File Manager 安全漏洞

Amaze File Manager is an open source file manager from Amaze. A security vulnerability exists in Amaze File Manager version v.3.8.5, which originates from a vulnerability that allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java...

WordPress Bit File Manager 6.5.5 Race Condition / Remote Code Execution

WordPress Bit File Manager plugin versions 6.0 through 6.5.5 suffer from a remote code execution vulnerability via a race condition...

WordPress File Manager Plugin < 5.2 Multiple SQLi Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...

WordPress File Manager Plugin < 3.0 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...

WordPress File Manager Plugin < 6.5 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...

WordPress File Manager Plugin < 7.1 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...

WordPress File Manager Plugin < 7.2.5 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...

WordPress File Manager Plugin < 7.2.8 Missing Authorization Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...

CVE-2022-40490

Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting XSS vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file...

CVE-2022-40916

Tiny File Manager v2.4.7 and below is vulnerable to session fixation...

CVE-2022-40916

Tiny File Manager v2.4.7 and below is vulnerable to session fixation...

CVE-2022-40490

Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting XSS vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file...

CVE-2022-40916

Tiny File Manager v2.4.7 and below is vulnerable to session fixation...

CVE-2022-40490

Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting XSS vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file...

CVE-2021-4350

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfmsendfileinemail AJAX action. This makes it possible for unauthenticated attackers to send emails usin...

CVE-2021-4368

The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfmsavesettings AJAX action. This makes it possible for subscriber-level attackers to ed...

CVE-2022-40490

CVE-2022-40490 affects Tiny File Manager v2.4.7 and earlier. A stored XSS flaw allows an attacker to execute arbitrary code by crafting a payload in a file name (uploaded or existing). The issue affects file-name handling and could enable code execution in affected deployments. Remediation is to ...

CVE-2022-40916

Tiny File Manager vulnerability CVE-2022-40916 affects version 2.4.7 and earlier, due to a session-management flaw that enables session fixation. The issue is documented as a high-severity (CVSS 9.8) risk with network attack potential and no user interaction required. Public references indicate a...

PT-2025-5834 · Unknown · Tiny File Manager

Name of the Vulnerable Software and Affected Versions: Tiny File Manager versions 2.4.7 and below Description: The issue concerns session fixation. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where thi...

CVE-2022-40490

Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting XSS vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file...