708 matches found
CVE-2024-21546
The CVE-2024-21546 entry specifies a Laravel Filemanager (unisharp/laravel-filemanager) vulnerability: versions before 2.9.1 are susceptible to Remote Code Execution (RCE) via a crafted request that uses a valid mimetype and inserts a dot after the PHP file extension, enabling execution of arbitr...
CVE-2024-21546
Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution RCE through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code...
CVE-2024-21546
Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution RCE through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code...
laravel-filemanager 代码注入漏洞
laravel-filemanager is an open source tool from UniSharp. A security vulnerability exists in laravel-filemanager versions prior to 2.9.1 that stems from vulnerability to remote code execution attacks and allows attackers to execute malicious code...
Remote Code Execution (RCE)
backpack/filemanager is vulnerable to Remote Code Execution. The vulnerability is due to improper handling of untrusted data during deserialization from the mimes parameter, allows an attacker to execute remote code on the affected system...
CVE-2024-11210
A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has...
GHSA-8237-957H-H2C2 FileManager Deserialization of Untrusted Data vulnerability
Impact Deserialization of untrusted data from the mimes parameter could lead to remote code execution. Patches Fixed in 3.0.9 Workarounds Not needed, a composer update will solve it in a non-breaking way. References Reported responsibly Vladislav Gladkiy at Positive Technologies...
FileManager Deserialization of Untrusted Data vulnerability
Impact Deserialization of untrusted data from the mimes parameter could lead to remote code execution. Patches Fixed in 3.0.9 Workarounds Not needed, a composer update will solve it in a non-breaking way. References Reported responsibly Vladislav Gladkiy at Positive Technologies...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the mimes parameter. Details Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse...
CVE-2024-52306
FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9...
CVE-2024-52306 FileManager Deserialization of Untrusted Data
FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9...
CVE-2024-52306 FileManager Deserialization of Untrusted Data
FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9...
CVE-2024-52306
CVE-2024-52306 affects the Backpack FileManager component used in Laravel Backpack, where deserialization of untrusted data from the mimes parameter can lead to remote code execution. The issue is caused by insecure deserialization prior to version 3.0.9. A fix is available in 3.0.9 and later. Im...
CVE-2024-52306 FileManager Deserialization of Untrusted Data
FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9...
FileManager 代码问题漏洞
FileManager is a file manager in Backpack for Laravel open source. A code issue vulnerability exists in FileManager versions prior to 3.0.9, which stems from the mimes parameter deserializing untrusted data and can lead to remote code execution...
CVE-2016-15042
The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible for unauthenticated...
MD-Pro 1.0.76 Shell Upload / SQL Injection Vulnerability
Exploit Title: MD-Pro 1.0.76. SQL injection + shell upload Google Dork: intext: Powered by MD-Pro Exploit Author: Emiliano Febbi Vendor Homepage: https://www.opensourcecms.com/wp-content/uploads/MDPro-website-description.png Software Link: https://www.opensourcecms.com/mdpro/ Version: 1.0.76...
CVE-2024-46362
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/?/plugin/filemanager/createdirectory...
PT-2024-90: Cross-Site Request Forgery (CSRF) and Path Traversal in Netcat CMS (module filemanager)
The vulnerability was identified in Netcat CMS module filemanager, version 6.4 Extra. The vulnerability is related to cross-site request forgery. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the...
PT-2024-5676 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS filemanager module affected versions not specified Description: The issue is related to a cross-site request forgery vulnerability in the filemanager module of the Netcat CMS system. This could allow a remote attacker to execute...