156 matches found
Afian FileRun SQL注入漏洞
Afian FileRun is a full-featured web-based file manager. sql injection vulnerability exists in Afian Filerun version 20220202, which stems from a lack of cleanup of the POST parameter metadata in the /?module=fileman§ion=get&page=grid page. An attacker could exploit this vulnerability to cause SQ...
CVE-2022-30470
In Afian Filerun 20220202 Changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...
CVE-2022-30470
In Afian Filerun 20220202 Changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...
CVE-2022-30470
In Afian Filerun 20220202 Changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...
Remote code execution
In Afian Filerun 20220202 Changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...
Afian FileRun 安全漏洞
Afian FileRun is a full-featured web-based file manager. A security vulnerability exists in Afian FileRun version 20220202, which stems from a change in the searchtikapath variable to a custom jar path that could result in remote code execution in a web server user's environment...
CVE-2022-30470
CVE-2022-30470 affects Afian FileRun (version 20220202) where changing the "search_tika_path" to a custom (previously uploaded) jar enables remote code execution in the webserver user context. The vulnerability originates from how the application loads an externally supplied jar via the search_ti...
CVE-2022-30470
In Afian Filerun 20220202 Changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...
Filerun Cross Site Scripting
A cross site scripting vulnerability exists in Filerun. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
CVE-2021-35506
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action...
CVE-2021-35506
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action...
Design/Logic Flaw
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action...
CVE-2021-35504
Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the ffmpeg binary...
CVE-2021-35505
Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...
CVE-2021-35503
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...
CVE-2021-35505
Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...
CVE-2021-35504
Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the ffmpeg binary...
CVE-2021-35503
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...
Remote code execution
Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the magick binary...
Remote code execution
Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the ffmpeg binary...