CVE-2020-27387

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...

CVE-2020-11106

An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $SESSION'RF'"viewtype" wasn't sanitized if it was already set. This made stored XSS possible if one opens ajaxcalls.php and uses the "view" action and places a payload in the type...

CVE-2017-20145

A vulnerability was found in Tecrail Responsive Filemanger up to 9.10.x and classified as critical. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.11.0 is able to address this issu...

CVE-2003-1460

Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information...

Arbitrary Code Injection

Overview unisharp/laravel-filemanager is an A file upload/editor intended for use with Laravel 5 to 6 and CKEditor / TinyMCE. Affected versions of this package are vulnerable to Arbitrary Code Injection through using a valid mimetype and inserting the . character after the php file extension. Thi...

Exploit for CVE-2024-21546

CVE-2024-21546 Python Exploit 🔥 Description This Python ex...

CVE-2024-50807

Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting XSS via file upload using the svg and pdf extensions...

CVE-2024-21546

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution RCE through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal which allows an authenticated user to delete files on the server via the filemanager process. Details A Directory Traversal attack also known as path traversal aims to access files and directories that are stored...

GHSA-43C9-GW4X-PCX6 Authenticated arbitrary file deletion in YesWiki

Authenticated arbitrary file deletion in YesWiki fmRestore; $this-fmShowtrue, $isAction; break; case 'erase': $this-fmErase; $this-fmShowtrue, $isAction; break; case 'del': $this-fmDelete; $this-fmShowfalse, $isAction; break; case 'trash': $this-fmShowtrue, $isAction; break; case 'emptytrash':...

CVE-2024-50807

Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting XSS via file upload using the svg and pdf extensions...

CVE-2024-50807

Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting XSS via file upload using the svg and pdf extensions...

CVE-2024-50807

CVE-2024-50807 affects Trippo Responsive Filemanager 9.14.0. The issue is a Cross Site Scripting (XSS) vulnerability triggered by uploading files with the extensions svg or pdf. The available sources indicate the flaw resides in the file upload handling, enabling script execution under certain co...

CVE-2024-50807

Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting XSS via file upload using the svg and pdf extensions...

Responsive FileManager 安全漏洞

Responsive FileManager is a free open source file manager from the individual developer Alberto Peripolli. A security vulnerability exists in Responsive FileManager version 9.14.0, which stems from file uploads using svg and pdf extensions and is vulnerable to cross-site scripting attacks...

PT-2025-2889 · Unknown · Trippo Responsivefilemanager

Name of the Vulnerable Software and Affected Versions: Trippo Responsive Filemanager version 9.14.0 Description: The issue is related to Cross Site Scripting XSS via file upload using the svg and pdf extensions. This occurs when files with these extensions are uploaded, potentially allowing...

UniSharp Laravel Filemanager Code Injection vulnerability

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution RCE through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code...

GHSA-6569-3785-R3V6 UniSharp Laravel Filemanager Code Injection vulnerability

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution RCE through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code...

CVE-2024-21546

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution RCE through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code...

CVE-2024-21546

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution RCE through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code...