156 matches found
CVE-2022-47532
FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request...
CVE-2022-30470
In Afian Filerun 20220202, changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...
CVE-2022-30469
In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata" in /?module=fileman&section=get&page=grid leads to SQL injection...
CVE-2021-35505
Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...
CVE-2021-35506
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action...
CVE-2021-35503
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...
CVE-2021-35504
Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the ffmpeg binary...
CVE-2019-12457
FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01...
CVE-2019-12458
FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01...
CVE-2018-7735
Afian FileRun before 2018.02.13 suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=listfiletypes request...
CVE-2018-7734
Afian FileRun before 2018.02.13 suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request...
SQL injection
FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request...
PT-2023-15390 · Filerun · Filerun
Name of the Vulnerable Software and Affected Versions: FileRun version 20220519 Description: The issue allows SQL Injection via the dir parameter in a "/?module=users&section=cpanel&page=list" API endpoint. This could potentially lead to unauthorized access to sensitive data. Recommendations: For...
CVE-2022-47532
FileRun 20220519 is affected by an SQL Injection in the endpoint "/?module=users&section=cpanel&page=list" via the parameter dir. Root cause identified as unsanitized input in the dir parameter leading to SQL injection. CVSS metrics (NVD) indicate a critical impact with confidentiality, integrity...
CVE-2023-28875
A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link...