CVE-2023-28876

A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users...

CVE-2023-28875

A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link...

CVE-2023-28876

A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users...

CVE-2023-28876

A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users...

Improper access control

A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users...

Cross site scripting

A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link...

Afian FileRun security vulnerability

Afian FileRun is a full-featured web-based file manager. A security vulnerability exists in Afian FileRun that stems from a stored cross-site scripting vulnerability that allows an attacker to inject JavaScript code that executes when a user clicks on a carefully crafted shared link...

Afian FileRun security vulnerability

Afian FileRun is a full-featured web-based file manager. A security vulnerability exists in Afian FileRun that stems from the presence of a corrupted access control issue that allows an attacker to delete comments on files uploaded by other users...

CVE-2023-28876

The CVE-2023-28876 issue affects Filerun up to Update 20220202, describing a Broken Access Control in comments on uploaded files that allows an attacker to delete comments on files uploaded by other users. The available connected records confirm the affected product (Filerun) and the impact on co...

CVE-2023-28875

CVE-2023-28875 concerns a stored XSS in FileRun’s shared files download terms, specifically affecting Filerun Update 20220202. The vulnerability is triggered when a user follows a crafted share link, allowing injected JavaScript code execution in the victim’s browser. Connected sources identify t...

CVE-2023-28876

A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users...

PT-2023-22026 · Filerun · Filerun

Name of the Vulnerable Software and Affected Versions: Filerun versions through Update 20220202 Description: A Broken Access Control issue in comments to uploaded files allows attackers to delete comments on files uploaded by other users. Recommendations: For versions through Update 20220202,...

FileRun 安全漏洞

FileRun is a PHP web hosting program similar to Nextcloud by FileRun. A security vulnerability exists in FileRun version 20220519, which originates from SQL injection via the "dir" parameter in the /?module=users&section=cpanel&page=list request...

Afian Filerun SQL Injection Vulnerability (CNVD-2022-68943)

Afian FileRun is a full-featured web-based file manager. sql injection vulnerability exists in Afian Filerun version 20220202, which stems from a lack of cleanup of the POST parameter metadata in the /?module=fileman§ion=get&page=grid page. An attacker could exploit this vulnerability to cause SQ...

CVE-2022-30469

In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata" in /?module=fileman&section=get&page=grid leads to SQL injection...

CVE-2022-30469

In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata" in /?module=fileman&section=get&page=grid leads to SQL injection...

CVE-2022-30469

In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata" in /?module=fileman&section=get&page=grid leads to SQL injection...

Sql injection

In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata" in /?module=fileman&section=get&page=grid leads to SQL injection...

CVE-2022-30469

Afian FileRun 20220202 is affected by an SQL injection vulnerability caused by lack of sanitization of the POST parameter metadata[] in the grid page (/ ?module=fileman&section=get&page=grid). The issue is confirmed across multiple sources (NVD entry CVE-2022-30469, Red Hat advisory, CNVD, CVE li...

CVE-2022-30469

In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata" in /?module=fileman&section=get&page=grid leads to SQL injection...