Lucene search
+L

182 matches found

Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.7 views

PT-2025-51306

Name of the Vulnerable Software and Affected Versions Zomplog version 3.9 Description An authenticated attacker can inject and execute arbitrary PHP code through file manipulation endpoints. This is achieved by uploading malicious JavaScript files, renaming them to PHP, and then executing system...

8.8CVSS7.1AI score0.00839EPSS
Exploits1References6
NVD
NVD
added 2025/12/11 5:15 p.m.7 views

CVE-2025-65474

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...

9.8CVSS0.00473EPSS
Exploits1References2
NVD
NVD
added 2025/12/11 5:15 p.m.8 views

CVE-2025-65473

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...

9.1CVSS0.00498EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/11 12:0 a.m.10 views

EUVD-2025-202703

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...

9.1CVSS7.2AI score0.00498EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/11 12:0 a.m.34 views

CVE-2025-65474

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...

0.00473EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.7 views

PT-2025-50636

Name of the Vulnerable Software and Affected Versions EasyImages versions 2.0 through 2.8.6 Description A flaw exists in the /admin/manager.php component that allows for arbitrary file renaming. An attacker can exploit this to execute arbitrary code by renaming a PHP file to an SVG format...

7.5AI score0.00473EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/11 12:0 a.m.6 views

EUVD-2025-202767

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...

7.3AI score0.00473EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/11 12:0 a.m.4 views

CVE-2025-65473

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...

7.4AI score0.00498EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/11 12:0 a.m.3 views

CVE-2025-65474

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...

7.5AI score0.00473EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.18 views

PT-2025-50635

Name of the Vulnerable Software and Affected Versions EasyImages versions 2.0 through 2.8.6 Description A flaw exists within the /admin/filer.php component that allows attackers with Administrator privileges to execute arbitrary code. This is possible by injecting a crafted payload into an upload...

9.1CVSS7.1AI score0.00498EPSS
Exploits1References5
OSV
OSV
added 2025/12/11 12:0 a.m.6 views

CVE-2025-65474

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...

8.8CVSS7.8AI score0.00473EPSS
Exploits1References4
CVE
CVE
added 2025/12/11 12:0 a.m.16 views

CVE-2025-65473

CVE-2025-65473 affects EasyImages 2.0 through 2.8.6, specifically the /admin/filer.php component. A flaw allows attackers with Administrator privileges to execute arbitrary code by injecting a crafted payload into an uploaded file name, resulting in arbitrary file rename. The Red Hat, CIRCL, NVD,...

9.1CVSS7.4AI score0.00498EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/12/11 12:0 a.m.23 views

CVE-2025-65474

CVE-2025-65474 affects EasyImages 2.0 up to and including 2.8.6. The vulnerability resides in the /admin/manager.php component, where insecure file renaming can be exploited to execute arbitrary code by renaming a PHP file to an SVG format. Impact is described as arbitrary code execution with hig...

9.8CVSS7.5AI score0.00473EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/26 7:58 a.m.7 views

CVE-2025-13382

The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...

4.3CVSS5.9AI score0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/25 7:28 a.m.4 views

CVE-2025-13382 Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming

The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...

4.3CVSS5.5AI score0.00202EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.7 views

CVE-2025-13382 Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming

The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...

4.3CVSS0.00202EPSS
Exploits0References4
CVE
CVE
added 2025/11/25 7:28 a.m.16 views

CVE-2025-13382

The CVE concerns the WordPress Frontend File Manager Plugin (versions up to 23.4). It is vulnerable to Insecure Direct Object Reference because the plugin does not validate file ownership before processing file rename requests via the REST endpoint /wpfm/v1/file-rename. This allows an authenticat...

4.3CVSS5.5AI score0.00202EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.8 views

PT-2025-48007

The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...

4.3CVSS5.9AI score0.00202EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-23426

Malware in sbrugna...

5.4CVSS4.9AI score0.00423EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-9565

Malware in sbrugna...

5.5CVSS5.5AI score0.0034EPSS
Exploits0References2
Rows per page
Query Builder