277 matches found
Sensitive Information Disclosure
github.com/filebrowser/filebrowser is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exposure of sensitive data in URLs due to the use of access tokens as GET parameters, which can be logged in client- or server-side logs...
Command Injection
github.com/filebrowser/filebrowser is vulnerable to Command Injection. The vulnerability is due to improper allowlist enforcement and flawed implementation that allows users to execute shell commands beyond those explicitly permitted in their user-specific allowlist...
Improper Access Control
github.com/filebrowser/filebrowser is vulnerable to Improper Access Control. The vulnerability is due to an error-prone implementation of password-protected links, which allows an attacker to access shared files without authentication through direct download links obtained from browser history or...
Improper Command Execution Control
github.com/filebrowser/filebrowser is vulnerable to improper command execution control. The vulnerability is due to the misuse of the command execution feature that relies on a predefined allowlist, which can be bypassed using standard commands that support subcommand execution, allowing attacker...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...
Brute Force
Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by bypassing configured restrictions. This may result in exposure or...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by bypassing configured restrictions. This may result in exposure or...
Arbitrary Command Injection
Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by...
Authentication Bypass by Primary Weakness
Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the password protected links process. An attacker can gain unauthorized access to files by obtaining or discovering direct...
FileBrowser 命令注入漏洞
FileBrowser is an open source web file browser . Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser suffers from a command injection vulnerability, which is caused by a flaw in the command execution...
FileBrowser 安全漏洞
FileBrowser is an open source web file browser . Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser has a security vulnerability that stems from an improper implementation of password-protected links,...
FileBrowser 安全漏洞
FileBrowser is an open source web file browser . Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser has a security vulnerability that stems from the lack of password policy and brute force protection,...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...
Arbitrary Command Injection
Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions in the process that handles file uploads and database creation. An attacker can gain unauthorized access to sensitive files by leveraging default file permissions that allow any operating system account to...