724 matches found
FileManager Security Vulnerability
FileManager is an open-source file manager in Backpack for Laravel. A security vulnerability exists in Filemanager v2.5.0 and earlier versions, which stems from improper directory traversal functionality that could lead to unauthorized access...
CVE-2025-46002
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...
PT-2025-30045 · Unknown · File Manager
Name of the Vulnerable Software and Affected Versions: Filemanager version 2.5.0 Description: An arbitrary file upload vulnerability exists in the /rsc/filemanager.rsc.class.php component. Attackers can execute arbitrary code by uploading a crafted SVG file. Recommendations: Filemanager version...
CVE-2025-46000
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...
FileManager Security Vulnerability
FileManager is an open-source file manager in Backpack for Laravel. A security vulnerability exists in Filemanager version c75b914 v.2.5.0, which stems from improper file upload functionality and could lead to the execution of arbitrary code...
CVE-2025-46001
CVE-2025-46001 affects simogeo/filemanager (Filemanager) version 2.3.0. The flaw is in is_allowed_file_type() and allows uploading a crafted PHP file, enabling remote code execution. CVSS v3.1 score is 9.8 (critical) with network attack vector, no user interaction, and no privileges required. Mul...
PT-2025-30041 · Unknown · File Manager
Name of the Vulnerable Software and Affected Versions: Filemanager version 2.3.0 Description: An arbitrary file upload vulnerability exists in the is_allowed_file_type function. This allows attackers to execute arbitrary code by uploading a crafted PHP file. Recommendations: Filemanager version...
CVE-2025-46001
An arbitrary file upload vulnerability in the is_allowed_file_type function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-46002
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...
PT-2025-30042 · Unknown · File Manager
Name of the Vulnerable Software and Affected Versions: Filemanager versions 2.5.0 and below Description: An issue allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint. Recommendations: Filemanager versions prior to 2.5.0: At the...
CVE-2025-46000
CVE-2025-46000 affects Filemanager v2.5.0: the component /rsc/filemanager.rsc.class.php contains an arbitrary file upload vulnerability that allows arbitrary code execution when a crafted SVG is uploaded. Root cause is insecure file upload handling in that module. Affected software is Filemanager...
CVE-2025-46000
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2025-46001
An arbitrary file upload vulnerability in the is_allowed_file_type function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
FileManager Security Vulnerability
FileManager is an open-source file manager in Backpack for Laravel. A security vulnerability exists in FileManager version v2.3.0, which stems from improper file type checking and could lead to the execution of arbitrary code...
CVE-2025-46002
CVE-2025-46002 affects Filemanager v2.5.0 and below, where a directory traversal can be triggered by crafting requests to the filemanager.php endpoint. The vulnerability is confirmed across multiple sources (Red Hat, GitHub advisories, Snyk) and centers on improper path handling in fileman...
CVE-2025-5345 Exposed AIDL service allowing to read and delete files with system-level privileges in Bluebird filemanager application
Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's storage with system-lev...
CVE-2025-5345
Bluebird devices are affected by CVE-2025-5345 in a pre-loaded file manager app. The vulnerability resides in an unsecured AIDL service, com.bluebird.system.koreanpost.IsdcardRemoteService, which allows a local attacker to bind to the service and copy or delete arbitrary files from device storage...
CVE-2025-5345 Exposed AIDL service allowing to read and delete files with system-level privileges in Bluebird filemanager application
Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's storage with system-lev...
CVE-2025-52922
Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: (1) fully map the filesystem structure via the /api/filemanager/files?basefolder= endpoint, (2) create arbitrary directories on the server via...
CVE-2025-52922
Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: (1) fully map the filesystem structure via the /api/filemanager/files?basefolder= endpoint, (2) create arbitrary directories on the server via...