724 matches found

Vulnrichment
added 2024/11/13 3:15 p.m. · 15 views

CVE-2024-52306 FileManager Deserialization of Untrusted Data

FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9...

CVSS 7.6 · AI score 7.6 · EPSS 0.04958
Exploits: 0 · References: 2

Cvelist
added 2024/11/13 3:15 p.m. · 17 views

CVE-2024-52306 FileManager Deserialization of Untrusted Data

FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9...

CVSS 7.6 · EPSS 0.04958
Exploits: 0 · References: 2

CVE
added 2024/11/13 3:15 p.m. · 46 views

CVE-2024-52306

CVE-2024-52306 affects the Backpack FileManager component used in Laravel Backpack, where deserialization of untrusted data from the mimes parameter can lead to remote code execution. The issue is caused by insecure deserialization prior to version 3.0.9. A fix is available in 3.0.9 and later. Im...

CVSS 9.8 · AI score 7.9 · EPSS 0.04958
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/11/13 3:15 p.m. · 12 views

CVE-2024-52306 FileManager Deserialization of Untrusted Data

FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9...

CVSS 7.6 · AI score 7.7 · EPSS 0.04958
Exploits: 0 · References: 4

CNNVD
added 2024/11/13 12:0 a.m. · 1 views

FileManager Code Issue Vulnerability

FileManager is a file manager in Backpack for Laravel open source. A code issue vulnerability exists in FileManager versions prior to 3.0.9, which stems from the mimes parameter deserializing untrusted data and can lead to remote code execution...

CVSS 9.8 · AI score 7.6 · EPSS 0.04958
Exploits: 0 · References: 3

BDU FSTEC
added 2024/11/13 12:0 a.m. · 1 views

The vulnerability of the FileManager web interface, related to deserialization mechanism flaws, allows an attacker to execute arbitrary code.

The vulnerability of the FileManager web interface is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.6 · AI score 6
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/10/16 8:15 a.m. · 3 views

CVE-2016-15042

The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible for unauthenticated...

CVSS 9.8 · AI score 6.4
Exploits: 0 · References: 6

0day.today
added 2024/10/07 12:0 a.m. · 153 views

MD-Pro 1.0.76 Shell Upload / SQL Injection Vulnerability

Exploit Title: MD-Pro 1.0.76. SQL injection + shell upload Google Dork: intext: Powered by MD-Pro Exploit Author: Emiliano Febbi Vendor Homepage: https://www.opensourcecms.com/wp-content/uploads/MDPro-website-description.png Software Link: https://www.opensourcecms.com/mdpro/ Version: 1.0.76...

AI score 7.4
Exploits: 0

NVD
added 2024/09/17 1:15 p.m. · 12 views

CVE-2024-46362

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/filemanager/createdirectory...

CVSS 8.8 · EPSS 0.00135
Exploits: 1 · References: 1

BDU FSTEC
added 2024/08/21 12:0 a.m. · 1 views

The vulnerability of the filemanager module in the CMS system Netcat, which allows a hacker to execute arbitrary JavaScript code

The vulnerability of the filemanager module in the CMS system Netcat is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute any JavaScript code in the user’s browser remotely...

CVSS 9 · AI score 5.5
Exploits: 0 · References: 1 · Affected Software: 1

BDU FSTEC
added 2024/08/21 12:0 a.m. · 1 views

The vulnerability of the filemanager module in the CMS system Netcat, which allows a hacker to execute arbitrary JavaScript code

The vulnerability of the filemanager module in the CMS system Netcat exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

CVSS 9 · AI score 5.8
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/08/20 12:0 a.m. · 5 views

PT-2024-90: Cross-Site Request Forgery (CSRF) and Path Traversal in Netcat CMS (module filemanager)

The vulnerability was identified in Netcat CMS module filemanager, version 6.4 Extra. The vulnerability is related to cross-site request forgery. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the...

CVSS 8.1 · AI score 7.7
Exploits: 0

Positive Technologies
added 2024/07/16 12:0 a.m. · 7 views

PT-2024-5676 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS filemanager module affected versions not specified Description: The issue is related to a cross-site request forgery vulnerability in the filemanager module of the Netcat CMS system. This could allow a remote attacker to execute...

CVSS 9 · AI score 7.5
Exploits: 0 · References: 2

Positive Technologies
added 2024/07/16 12:0 a.m. · 3 views

PT-2024-5678 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue exists due to a lack of protection for the web page structure in the filemanager module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScript...

CVSS 9 · AI score 7.6
Exploits: 0 · References: 2

OSV
added 2024/06/25 11:58 a.m. · 14 views

BIT-OPENCART-2024-21516

This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The...

CVSS 4.7 · AI score 4.8 · EPSS 0.00305
Exploits: 1 · References: 3

Github Security Blog
added 2024/06/22 6:30 a.m. · 24 views

Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompte...

CVSS 4.7 · AI score 4.8 · EPSS 0.00305
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2024/06/22 5:15 a.m. · 13 views

CVE-2024-21516

This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The...

CVSS 4.7 · AI score 4.8
Exploits: 0 · References: 2

Positive Technologies
added 2024/06/21 12:0 a.m. · 4 views

PT-2024-18929 · Opencart · Opencart

Name of the Vulnerable Software and Affected Versions: opencart/opencart versions 4.0.0.0 through 4.1.0.0 Description: A reflected XSS issue was identified in the directory parameter of the admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click ...

CVSS 4.7 · AI score 6.2 · EPSS 0.00305
Exploits: 1 · References: 11

Exploit DB
added 2024/06/14 12:0 a.m. · 492 views

ZwiiCMS 12.2.04 - Remote Code Execution (Authenticated)

Exploit Title: ZwiiCMS 12.2.04 Remote Code Execution Authenticated Date: 03/06/2023 Exploit Author: Hadi Mene Vendor Homepage: https://zwiicms.fr/ Version: 12.2.04 and potentially lower versions Tested on: Linux CVE: CVE-2020-10567 Category: webapps ZwiiCMS 12.2.04 uses "Responsive FileManager"...

CVSS 9.8 · AI score 7.4 · EPSS 0.10721
Exploits: 5

Snyk
added 2024/06/05 10:4 a.m. · 4 views

Remote Code Execution (RCE)

Overview: unisharp/laravel-filemanager is a file upload/editor intended for use with Laravel 5 to 6 and CKEditor / TinyMCE. Affected versions of this package are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. Th...

CVSS 9.8 · AI score 7.6 · EPSS 0.04387
Exploits: 1 · References: 2