CVE-2020-10681

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1files to admin/moduleinterface.php...

CVE-2020-10681

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1files to admin/moduleinterface.php...

Remote code execution

The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1files to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code it need not be a valid JPEG file...

Cross site scripting

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1files to admin/moduleinterface.php...

CVE-2020-10682

The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1files to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code it need not be a valid JPEG file...

CVE-2020-10682

CMS Made Simple Filemanager in version 2.2.13 is vulnerable to remote code execution via a crafted .php.jpegd JPEG file. An attacker can deliver PHP code by uploading a file (sent as application/octet-stream) and triggering it through admin/moduleinterface.php (e.g., using m1_files[]) to execute ...

CVE-2020-10681

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1files to admin/moduleinterface.php...

CVE-2020-10681

Summary: CVE-2020-10681 affects CMS Made Simple 2.2.13, specifically the Filemanager component, which is vulnerable to stored XSS via a .pxd file, demonstrated via m1_files[] to admin/moduleinterface.php. What’s affected: CMS Made Simple Filemanager in version 2.2.13. Root cause / vector (as stat...

CMS Made Simple Filemanager Remote Code Execution Vulnerability

CMS Made Simple CMSMS is an open source content management system CMS from the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism , etc. Filemanager is one of the file management component . A remote...

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2020-21240)

CMS Made Simple CMSMS is an open source content management system CMS from the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in Filemanager...

Tecrail Responsive FileManager Input Validation Error Vulnerability

Tecrail Responsive FileManager is an open source file manager written in PHP by Tecrail Italy. The product supports the uploading and management of videos, images or other files. A security vulnerability exists in the ajaxcalls.php file in Tecrail Responsive FileManager 9.14.0 and earlier version...

CVE-2020-10567

An issue was discovered in Responsive Filemanager through 9.14.0. In the ajaxcalls.php file in the saveimg action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF...

CVE-2020-10567

An issue was discovered in Responsive Filemanager through 9.14.0. In the ajaxcalls.php file in the saveimg action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF...

Code injection

An issue was discovered in Responsive Filemanager through 9.14.0. In the ajaxcalls.php file in the saveimg action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF...

CVE-2020-10567

An issue was discovered in Responsive Filemanager through 9.14.0. In the ajaxcalls.php file in the saveimg action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF...

CVE-2020-10567

CVE-2020-10567 affects Responsive Filemanager up to version 9.14.0. The vulnerability is in ajax_calls.php, case 'save_img', where the name parameter’s extension is not validated. An attacker (often authenticated in affected apps like ZwiiCMS) can craft a JPEG with malicious EXIF data and a .php ...

Tecrail Responsive FileManager Code Issue Vulnerability

Tecrail Responsive FileManager is an open source file manager written in PHP by Tecrail Italy. The product supports the uploading and management of videos, images or other files. A code issue vulnerability exists in the upload.php file in Tecrail Responsive FileManager versions 9.13.4 and 9.14.0...

CVE-2020-10212

upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the...

CVE-2020-10212

upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the...

Design/Logic Flaw

upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the...