724 matches found

NVD
added 2022/09/14 11:15 p.m. · 9 views

CVE-2022-40734

UniSharp laravel-filemanager aka Laravel Filemanager before 2.6.4 allows download?workingdir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0...

CVSS 6.5 · EPSS 0.91646
Exploits 1 · References 3
OSV
added 2022/09/14 11:15 p.m. · 19 views

CVE-2022-40734

UniSharp laravel-filemanager aka Laravel Filemanager before 2.6.4 allows download?workingdir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0...

CVSS 6.5 · AI score 6.4
Exploits 0 · References 3
ATTACKERKB
added 2022/09/14 11:15 p.m. · 480 views

CVE-2022-40734

UniSharp laravel-filemanager aka Laravel Filemanager before 2.6.4 allows download?workingdir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0...

CVSS 6.5 · AI score 6.7 · EPSS 0.91646
In wild · Exploits 1 · References 5
Prion
added 2022/09/14 11:15 p.m. · 25 views

Directory traversal

UniSharp laravel-filemanager aka Laravel Filemanager before 2.6.4 allows download?workingdir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0...

CVSS 4 · AI score 6.3 · EPSS 0.91646
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2022/09/14 12:00 a.m. · 12 views

PT-2022-25496 · League Of Extraordinary Packages +1 · League/Flysystem +1

Name of the Vulnerable Software and Affected Versions: UniSharp laravel-filemanager aka Laravel Filemanager versions prior to 2.6.4 league/flysystem versions prior to 2.0.0 Description: The issue allows download?working dir=%2F.. directory traversal to read arbitrary files. This has been exploite...

CVSS 6.5 · AI score 6.3 · EPSS 0.91646
Exploits 1 · References 11
CNNVD
added 2022/09/14 12:00 a.m. · 2 views

laravel-filemanager Path Traversal Vulnerability

laravel-filemanager is a file upload/editor for Laravel 5 through 6 and CKEditor / TinyMCE. A path traversal vulnerability exists in versions of laravel-filemanager prior to 2.5.1, which stems from the fact that it allows reading arbitrary files by traversing directories via special URLs...

CVSS 6.5 · AI score 6.6 · EPSS 0.91646
Exploits 1 · References 3
VulnCheck KEV
added 2022/09/14 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2022-40734

UniSharp laravel-filemanager aka Laravel Filemanager before 2.6.4 allows download?workingdir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0...

CVSS 6.5 · AI score 6.7 · EPSS 0.91646
Exploits 1 · References 1
CVE
added 2022/09/14 12:00 a.m. · 229 views

CVE-2022-40734

Laravel Filemanager (UniSharp) before 2.6.4 is vulnerable to local file inclusion via the download?working_dir=%2F.. parameter, enabling directory traversal to read arbitrary files. The flaw is tied to league/flysystem versions earlier than 2.0.0. In practice, versions up to 2.6.3 may be affected...

CVSS 6.5 · AI score 6.2 · EPSS 0.91646
In wild · Exploits 1 · References 3 · Affected Software 1
CVE
added 2022/07/25 4:45 a.m. · 42 views

CVE-2017-20145

CVE-2017-20145 affects Tecrail Responsive Filemanger up to version 9.10.x. The root cause is a path traversal vulnerability that enables remote access to files. Several connected sources corroborate a critical impact and indicate upgrading to version 9.11.0 as the fix. In at least one reference, ...

CVSS 9.8 · AI score 8.1 · EPSS 0.00495
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2022/07/25 4:45 a.m. · 17 views

CVE-2017-20145 Tecrail Responsive Filemanger path traversal

A vulnerability was found in Tecrail Responsive Filemanger up to 9.10.x and classified as critical. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.11.0 is able to address this issu...

CVSS 6.3 · AI score 9.6 · EPSS 0.00495
Exploits 1 · References 2
CNNVD
added 2022/07/25 12:00 a.m. · 2 views

Tecrail Responsive Filemanger Path Traversal Vulnerability

Tecrail Responsive Filemanger is a free open source file manager and image manager from Tecrail Italy. A security vulnerability exists in Tecrail Responsive Filemanger version 9.11.0 and earlier versions, which can be exploited by an attacker to copy, cut any file...

CVSS 9.8 · AI score 8.2 · EPSS 0.00495
Exploits 1 · References 3
Positive Technologies
added 2022/07/25 12:00 a.m. · 2 views

PT-2022-8012 · Tecrail · Tecrail Responsive Filemanager

Name of the Vulnerable Software and Affected Versions: Tecrail Responsive Filemanger versions up to 9.10.x Description: A critical vulnerability was found in Tecrail Responsive Filemanger, allowing for path traversal. The attack can be launched remotely. The issue has been disclosed publicly and...

CVSS 9.8 · AI score 9.4 · EPSS 0.00495
Exploits 1 · References 7
NVD
added 2022/06/24 3:15 p.m. · 8 views

CVE-2013-1891

In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed...

CVSS 6.5 · EPSS 0.04021
Exploits 1 · References 3
Prion
added 2022/06/24 3:15 p.m. · 9 views

Design/Logic Flaw

In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed...

CVSS 5.5 · AI score 7.2 · EPSS 0.04021
Exploits 1 · References 3 · Affected Software 1
OSV
added 2022/05/24 5:26 p.m. · 14 views

GHSA-G2X4-256V-5PVX Codiad Cross-site Scripting Vulnerability

A Cross Site Scripting XSS vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by co...

CVSS 6.1 · AI score 6 · EPSS 0.00336
Exploits 1 · References 5
CNNVD
added 2022/05/23 12:00 a.m. · 3 views

CSZCMS Code Issue Vulnerability

CSZCMS is an open source web application that allows managing all content and settings on a website. A security vulnerability exists in CSZCMS version 1.3.0 that originates from the leakage of sensitive data via local files in /admin/filemanager/connector/...

CVSS 7.5 · AI score 7.3 · EPSS 0.00534
Exploits 1 · References 6
Github Security Blog
added 2022/05/14 1:57 a.m. · 14 views

Elefant CMS Code Execution Vulnerability

An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters for bypassing the...

CVSS 9.8 · AI score 7.2 · EPSS 0.00244
Exploits 1 · References 5 · Affected Software 1
OSV
added 2022/05/14 1:57 a.m. · 15 views

GHSA-77J2-7WHR-6VPX Elefant CMS Code Execution Vulnerability

An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters for bypassing the...

CVSS 9.8 · AI score 9.6 · EPSS 0.00244
Exploits 1 · References 4
0day.today
added 2022/04/07 12:00 a.m. · 395 views

CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution Vulnerabilities

Title: CSZCMS V1.3.0 - SSRF To LFI To Rce Author: Hejap Zairy Vendor: https://sourceforge.net/projects/cszcms/files/install/ Software: https://liquidtelecom.dl.sourceforge.net/project/cszcms/install/CSZCMS-V1.3.0.zip Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache 1 -...

AI score 0.6
Exploits 0
OSV
added 2022/02/17 9:15 p.m. · 1 views

CVE-2022-22914

An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to view and download content in the upload directory via path traversal...

CVSS 7.5 · AI score 7.1
Exploits 0 · References 2