Control Web Panel 操作系统命令注入漏洞

Control Web Panel is a Linux web hosting control panel. An operating system command injection vulnerability exists in Control Web Panel versions prior to 0.9.8.1205, which stems from the ttotal parameter in the filemanager changePerm request containing shell metacharacters, which could lead to...

CVE-2025-48703

CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the ttotal parameter in a filemanager changePerm request. A valid non-root username must be known...

CVE-2025-48703

CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the ttotal parameter in a filemanager changePerm request. A valid non-root username must be known...

CVE-2025-10232 299ko FileManagerAPIController.php delete path traversal

A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has...

appRain CMF cross-site scripting vulnerability (CNVD-2025-20912)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user-supplied input on the /appain/admin/filemanager endpoint, which can be exploited by an attacker to steal a victim's cookie-based authentication credentials...

Exploit for CVE-2025-58440

CVE-2025-58440 Remote Code Execution RCE via Polyglot File A...

CVE-2025-41037

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataFileManagersearch' parameter in /apprain/admin/filemanager...

CVE-2025-41037

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataFileManagersearch' parameter in /apprain/admin/filemanager...

CVE-2025-41037 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataFileManagersearch' parameter in /apprain/admin/filemanager...

appRain CMF 跨站脚本漏洞

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user-supplied input on the /appain/admin/filemanager endpoint, which can be exploited by an attacker to steal a victim's cookie-based authentication credentials...

GodRAT – New RAT targeting financial institutions

Summary In September 2024, we detected malicious activity targeting financial trading and brokerage firms through the distribution of malicious .scr screen saver files disguised as financial documents via Skype messenger. The threat actor deployed a newly identified Remote Access Trojan RAT named...

VulnCheck KEV: CVE-2025-48703

CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the ttotal parameter in a filemanager changePerm request. A valid non-root username must be known...

Arbitrary File Upload

simogeo/filemanager is vulnerable to Arbitrary File Upload. The vulnerability is due to improper file type validation due to insufficient checks in the isallowedfiletype function, allowing attackers to upload crafted PHP files and execute arbitrary code...

Directory Traversal

simogeo/filemanager is vulnerable to Directory Traversal. The vulnerability is due to improper input validation caused by the filemanager.php endpoint failing to sanitize user input in crafted HTTP requests, allowing attackers to traverse directories...

CVE-2025-46001

An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2025-46002

An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...

CVE-2025-46000

An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...

Arbitrary File Upload

Overview simogeo/filemanager is an open-source file manager. This package is DEPRECATED. Affected versions of this package are vulnerable to Arbitrary File Upload via filemanager.class.php. An attacker can bypass restrictions defined in filemanager.config.json and upload a specially crafted SVG...

Relative Path Traversal

Overview simogeo/filemanager is an open-source file manager. This package is DEPRECATED. Affected versions of this package are vulnerable to Relative Path Traversal via the filemanager.php endpoint. An attacker can access files outside the intended directory by sending a crafted HTTP request...

Filemanager is vulnerable to Relative Path Traversal through filemanager.php

An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...