BlogEngine.NET 3.3.7.0 - Local File Inclusion

BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter id: CVE-2019-10717 info: name: BlogEngine.NET 3.3.7.0 - Local File Inclusion author: arafatansari severity: high description: | BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the pa...

CWP (Control Web Panel) < 0.9.8.1205 - Remote Code Execution

CWP Control Web Panel 0.9.8.1205 contains a remote code execution caused by shell metacharacters in the ttotal parameter in filemanager changePerm request, letting unauthenticated attackers execute code remotely, exploit requires knowledge of a valid non-root username. id: CVE-2025-48703 info:...

Responsive FileManager 安全漏洞

Responsive FileManager is a free, open-source file manager developed by Alberto Peripolli. Version 9.14.0 of Responsive FileManager contains a security vulnerability. This vulnerability stems from issues with the forcedownload.php component, which could allow remote attackers to execute arbitrary...

CVE-2021-47965

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote co...

PT-2026-41344

Name of the Vulnerable Software and Affected Versions WP Super Edit versions 2.5.4 and earlier Description The FCKeditor component contains an unrestricted file upload flaw. Attackers can upload arbitrary and dangerous file types without validation through the 'filemanager upload' endpoint, which...

SUSE CVE-2017-11366

components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by searchfiletype...

EFW Framework 命令注入漏洞

EFW Framework is an enterprise-level web development framework developed by the efw group, based on Ajax and server-side JavaScript. Versions of the EFW Framework prior to 4.08.010 contained a command injection vulnerability. This vulnerability stemmed from the lack of proper path checking in...

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

A threat actor named MrRot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager WHM that could result ...

EUVD-2021-34809

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

CVE-2021-47949

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

CVE-2021-47949

CVE-2021-47949 affects CyberPanel 2.1 and enables authenticated remote code execution via a symlink attack in the filemanager endpoint. An attacker can modify the completeStartingPath in POST requests to /filemanager/controller to create symbolic links, read sensitive files (e.g., database creden...

CVE-2021-47949

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

CyberPanel 后置链接漏洞

CyberPanel is a virtual hosting control panel developed by Usman Nasir, which includes DNS and email servers. Version 2.1 of CyberPanel has a post-backlink vulnerability. This vulnerability stems from an issue with the filemanager controller endpoint, where command execution is possible. This cou...

PT-2026-39523

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

Exploit for CVE-2026-37637

CVE-2026-37637 Proof of Concept for CVE-2026-37637 - Remo...

PT-2026-37432

Name of the Vulnerable Software and Affected Versions Apache Wicket versions 8.0.0 through 8.17.0 Apache Wicket versions 9.0.0 through 9.22.0 Apache Wicket versions 10.0.0 through 10.8.0 Description FolderUploadsFileManager fails to validate or sanitize the uploadFieldId parameter or the...

CVE-2026-7388

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...

CVE-2026-7388 EyouCMS Template File FilemanagerLogic.php editFile code injection

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...

CVE-2026-7388 EyouCMS Template File FilemanagerLogic.php editFile code injection

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...

PT-2026-35677

KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...