269 matches found

0day.today
added 2022/02/08 12:0 a.m. | 271 views

FileBrowser 2.17.2 - Cross Site Request Forgery to Remote Code Execution Vulnerability

Exploit Title: FileBrowser 2.17.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution (RCE) | Exploit Author: FEBIN MON SAJI | Vendor Homepage: https://filebrowser.org/ | Software Link: https://github.com/filebrowser/filebrowser | Version: FileBrowser setTimeoutfunction...

CVSS 8.8 | AI score 0.3 | EPSS 0.1035
Exploits: 6

OSV
added 2022/02/05 12:0 a.m. | 17 views

GO-2022-0563 Cross-site request forgery in github.com/filebrowser/filebrowser/v2

A Cross-Site Request Forgery vulnerability exists in Filebrowser that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim...

CVSS 8.8 | AI score 8.4 | EPSS 0.1035
Exploits: 6 | References: 3

Github Security Blog
added 2022/02/05 12:0 a.m. | 26 views

Cross-Site Request Forgery in Filebrowser

A Cross-Site Request Forgery CSRF vulnerability exists in Filebrowser 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim...

CVSS 8.8 | AI score 5.6 | EPSS 0.1035
Exploits: 6 | References: 10 | Affected Software: 1

OSV
added 2022/02/05 12:0 a.m. | 13 views

GHSA-72WF-HWCQ-65H9 Cross-Site Request Forgery in Filebrowser

A Cross-Site Request Forgery CSRF vulnerability exists in Filebrowser 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim...

CVSS 8.8 | AI score 8.4 | EPSS 0.1035
Exploits: 6 | References: 10

NVD
added 2022/02/04 4:15 p.m. | 13 views

CVE-2021-46398

A Cross-Site Request Forgery vulnerability exists in Filebrowser 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads...

CVSS 8.8 | EPSS 0.1035
Exploits: 6 | References: 6

OSV
added 2022/02/04 4:15 p.m. | 16 views

CVE-2021-46398

A Cross-Site Request Forgery vulnerability exists in Filebrowser 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads...

CVSS 8.8 | AI score 8.6
Exploits: 0 | References: 6

Prion
added 2022/02/04 4:15 p.m. | 14 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery vulnerability exists in Filebrowser 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads...

CVSS 6.8 | AI score 8.5 | EPSS 0.1035
Exploits: 6 | References: 6 | Affected Software: 1

Cvelist
added 2022/02/04 3:5 p.m. | 16 views

CVE-2021-46398

A Cross-Site Request Forgery vulnerability exists in Filebrowser 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads...

AI score 8.8 | EPSS 0.1035
Exploits: 6 | References: 6

CVE
added 2022/02/04 3:5 p.m. | 61 views

CVE-2021-46398

CVE-2021-46398 describes a Cross-Site Request Forgery in FileBrowser prior to v2.18.0 that enables an attacker to create an admin backdoor user and gain access to the server filesystem, potentially leading to Remote Code Execution (RCE). Exploitation involves luring an admin to load a crafted HTM...

CVSS 8.8 | AI score 8.4 | EPSS 0.1035
Exploits: 6 | References: 6 | Affected Software: 1

CNNVD
added 2022/02/04 12:0 a.m. | 1 views

FileBrowser Cross-Site Request Forgery Vulnerability

FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser suffers from a cross-site request forgery vulnerability, which is caused by improper validation of...

CVSS 8.8 | AI score 6.4 | EPSS 0.1035
Exploits: 6 | References: 9

CNVD
added 2021/09/02 12:0 a.m. | 1 views

FileBrowser Cross-Site Scripting Vulnerability (CNVD-2025-22709)

FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser suffers from a cross-site scripting vulnerability that is caused by improper validation of...

CVSS 5.4 | AI score 6.6 | EPSS 0.00492
Exploits: 0 | References: 1

NVD
added 2021/08/31 6:15 p.m. | 8 views

CVE-2021-37794

A stored cross-site scripting XSS vulnerability exists in FileBrowser v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the...

CVSS 5.4 | EPSS 0.00492
Exploits: 0 | References: 3

OSV
added 2021/08/31 6:15 p.m. | 8 views

CVE-2021-37794

A stored cross-site scripting XSS vulnerability exists in FileBrowser v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the...

CVSS 5.4 | AI score 4.9
Exploits: 0 | References: 3

Prion
added 2021/08/31 6:15 p.m. | 12 views

Cross site scripting

A stored cross-site scripting XSS vulnerability exists in FileBrowser v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the...

CVSS 3.5 | AI score 5.1 | EPSS 0.00492
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2021/08/31 5:28 p.m. | 39 views

CVE-2021-37794

CVE-2021-37794 affects FileBrowser

CVSS 5.4 | AI score 5.1 | EPSS 0.00492
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2021/08/31 5:28 p.m. | 12 views

CVE-2021-37794

A stored cross-site scripting XSS vulnerability exists in FileBrowser v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the...

AI score 5.3 | EPSS 0.00492
Exploits: 0 | References: 3

CNNVD
added 2021/08/31 12:0 a.m. | 1 views

FileBrowser Cross-Site Scripting Vulnerability

FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser suffers from a cross-site scripting vulnerability that is caused by improper validation of...

CVSS 5.4 | AI score 5.3 | EPSS 0.00492
Exploits: 0 | References: 3

0day.today
added 2021/04/08 12:0 a.m. | 28 views

CMSimple 5.2 - (External) Stored XSS Vulnerability

Exploit Title: CMSimple 5.2 - 'External' Stored XSS | Exploit Author: Quadron Research Lab | Version: CMSimple 5.2 | Tested on: Windows 10 x64 HUN/ENG Professional | Vendor: https://www.cmsimple.org/en/ | Description: CMSimple 5.2 allows stored XSS via the Settings CMS Filebrowser "External:" input field...

AI score 0.4
Exploits: 0

Prion
added 2020/12/23 3:15 a.m. | 9 views

Code injection

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files to upload a .php file. NOTE: this is unrelated to the JAWS aka Job...

CVSS 6.5 | AI score 7.2 | EPSS 0.02628
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2020/12/23 2:2 a.m. | 75 views

CVE-2020-35656

CVE-2020-35656 affects Jaws (CMS) up to version 1.8.0. The vulnerability arises from crafted requests to admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files, which allow an authenticated administrator to upload a .php file an...

CVSS 7.2 | AI score 7.2 | EPSS 0.02628
Exploits: 1 | References: 2 | Affected Software: 1