41 matches found
CyberPanel 后置链接漏洞
CyberPanel is a virtual hosting control panel developed by Usman Nasir, which includes DNS and email servers. Version 2.1 of CyberPanel has a post-backlink vulnerability. This vulnerability stems from an issue with the filemanager controller endpoint, where command execution is possible. This cou...
Livewire Filemanager security vulnerabilities
Livewire Filemanager is an open-source file management software developed by Livewire. There is a security vulnerability in Livewire Filemanager, which stems from the lack of file type and MIME validation in the LivewireFilemanagerComponent.php file. This vulnerability may allow remote code...
CVE-2020-10681
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1files to admin/moduleinterface.php...
EUVD-2018-13335
Malware in sbrugna...
EUVD-2018-13337
Malware in sbrugna...
EUVD-2019-4881
Malware in sbrugna...
Directory Traversal
simogeo/filemanager is vulnerable to Directory Traversal. The vulnerability is due to improper input validation caused by the filemanager.php endpoint failing to sanitize user input in crafted HTTP requests, allowing attackers to traverse directories...
CVE-2025-46002
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...
CVE-2025-46000
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...
Relative Path Traversal
Overview simogeo/filemanager is an open-source file manager. This package is DEPRECATED. Affected versions of this package are vulnerable to Relative Path Traversal via the filemanager.php endpoint. An attacker can access files outside the intended directory by sending a crafted HTTP request...
GHSA-R7Q6-6FMQ-MX4C Filemanager is vulnerable to Relative Path Traversal through filemanager.php
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...
Filemanager is vulnerable to Relative Path Traversal through filemanager.php
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...
GHSA-M5HW-RHVR-F47C simogeo/filemanager arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-46000
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2025-46002
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...
CVE-2025-46002
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...
CVE-2025-46002
CVE-2025-46002 affects Filemanager before v2.5.0 and below, where a directory traversal can be triggered by crafting requests to the filemanager.php endpoint. The vulnerability is confirmed across multiple sources (Red Hat, GitHub advisories, Snyk) and centers on improper path handling in fileman...
CVE-2025-46001
An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-46001
An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-46002
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...