708 matches found
GHSA-R7Q6-6FMQ-MX4C Filemanager is vulnerable to Relative Path Traversal through filemanager.php
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...
simogeo/filemanager arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
Arbitrary File Upload
Overview: simogeo/filemanager is an open-source file manager. This package is DEPRECATED. Affected versions of this package are vulnerable to Arbitrary File Upload via the isallowedfiletype function. An attacker can achieve remote code execution by uploading a specially crafted PHP file. Remediati...
GHSA-M5HW-RHVR-F47C simogeo/filemanager arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-46000
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2025-46000
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2025-46001
An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-46002
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...
CVE-2025-46002
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...
CVE-2025-46001
An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
FileManager Security Vulnerability
FileManager is an open-source file manager in Backpack for Laravel. A security vulnerability exists in Filemanager v2.5.0 and earlier versions, which stems from improper directory traversal functionality that could lead to unauthorized access...
PT-2025-30045 · Unknown · File Manager
Name of the Vulnerable Software and Affected Versions: Filemanager version 2.5.0. Description: An arbitrary file upload vulnerability exists in the /rsc/filemanager.rsc.class.php component. Attackers can execute arbitrary code by uploading a crafted SVG file. Recommendations: Filemanager version...
CVE-2025-46002
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...
CVE-2025-46000
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2025-46001
CVE-2025-46001 affects simogeo/filemanager (Filemanager) version 2.3.0. The flaw is in is_allowed_file_type() and allows uploading a crafted PHP file, enabling remote code execution. CVSS v3.1 score is 9.8 (critical) with network attack vector, no user interaction, and no privileges required. Mul...
FileManager Security Vulnerability
FileManager is an open-source file manager in Backpack for Laravel. A security vulnerability exists in Filemanager version c75b914 v.2.5.0, which stems from improper file upload functionality and could lead to the execution of arbitrary code...
PT-2025-30041 · Unknown · File Manager
Name of the Vulnerable Software and Affected Versions: Filemanager version 2.3.0. Description: An arbitrary file upload vulnerability exists in the is allowed file type function. This allows attackers to execute arbitrary code by uploading a crafted PHP file. Recommendations: Filemanager version...
PT-2025-30042 · Unknown · File Manager
Name of the Vulnerable Software and Affected Versions: Filemanager versions 2.5.0 and below. Description: An issue allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint. Recommendations: Filemanager versions prior to 2.5.0: At the...
CVE-2025-46002
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...
CVE-2025-46001
An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...