Lucene search

708 matches found

ATTACKERKB
added 2026/04/17 2:30 p.m. | 1 view

CVE-2026-6496

A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...

CVSS 5.5 | AI score 5.6 | EPSS 0.00027
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2026/04/17 2:30 p.m. | 5 views

CVE-2026-6496

The CVE concerns prasathmani TinyFileManager (up to v2.6). The vulnerable component is the POST Parameter Handler in /filemanager.php, where manipulating the file[] argument enables a path traversal. The issue is remote-exploitable and an exploit has been published. Impact is limited to path trav...

CVSS 5.5 | AI score 5.6 | EPSS 0.00027
Exploits: 0 | References: 4
Cvelist
added 2026/04/17 2:30 p.m. | 34 views

CVE-2026-6496 prasathmani TinyFileManager POST Parameter filemanager.php path traversal

A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...

CVSS 5.5 | EPSS 0.00027
Exploits: 0 | References: 4
CNNVD
added 2026/04/17 12:00 a.m. | 4 views

TinyFileManager security vulnerability

TinyFileManager is a web-based file manager developed by Prasathmani. It allows for online storage, uploading, editing, and management of files and folders through a web browser. Versions of TinyFileManager 2.6 and earlier contained security vulnerabilities, which stemmed from the handling of the...

CVSS 5.5 | AI score 6.1 | EPSS 0.00027
Exploits: 0 | References: 1
Snyk
added 2026/04/05 10:11 p.m. | 1 view

Arbitrary File Upload

Overview: unisharp/laravel-filemanager is a file upload/editor intended for use with Laravel 5 to 6 and CKEditor / TinyMCE. Affected versions of this package are vulnerable to Arbitrary File Upload via the upload process. An attacker can execute arbitrary code by uploading a malicious file usin...

CVSS 8.8 | AI score 6 | EPSS 0.00077
Exploits: 0 | References: 2
Cvelist
added 2026/04/05 7:00 p.m. | 20 views

CVE-2026-5595 griptape-ai griptape FileManagerTool save_memory_artifacts_to_disk path traversal

A security vulnerability has been detected in griptape-ai griptape 0.19.4. Affected by this vulnerability is the function loadfilesfromdisk/listfilesfromdisk/savecontenttofile/savememoryartifactstodisk of the component FileManagerTool. Such manipulation leads to path traversal. The attack may be...

CVSS 6.5 | EPSS 0.00092
Exploits: 0 | References: 4
GithubExploit
added 2026/03/26 11:18 a.m. | 97 views

Exploit for Improper Input Validation in Tecrail Responsive_Filemanager

POC-CVE-2020-10567 RCE poc - RESPONSIVE filemanager v.9.14.0...

CVSS 9.8 | AI score 8.2 | EPSS 0.10721
Exploits: 5
Veracode
added 2026/02/23 7:06 p.m. | 3 views

Arbitrary File Upload

Cadmium CMS is vulnerable to an Arbitrary File Upload. The vulnerability is due to insufficient validation and restriction in the /admin/content/filemanager/uploads functionality, which allows an attacker to upload malicious files and potentially execute arbitrary code on the server...

CVSS 9.8 | AI score 6.1 | EPSS 0.002
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2026/02/22 1:28 a.m. | 1 view

CVE-2018-25158

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...

CVSS 8.8 | AI score 6.1 | EPSS 0.00082
Exploits: 0 | References: 1
NVD
added 2026/02/20 11:15 p.m. | 4 views

CVE-2018-25158

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...

CVSS 8.8 | EPSS 0.00082
Exploits: 0 | References: 3
Snyk
added 2026/02/10 6:55 p.m. | 3 views

Cleartext Storage of Sensitive Information

Overview: Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in Azure Compute Gallery, which writes MAA tokens in the debug log. Remediation: Upgrade github.com/Microsoft/confidential-sidecar-containers/cmd/azmount/filemanager to version 2.12 or higher...

CVSS 7.1 | AI score 5.5 | EPSS 0.00099
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/17 1:18 p.m. | 8 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

CVSS 9.8 | AI score 7.1 | EPSS 0.00018
Exploits: 0 | References: 1
OSV
added 2026/01/16 3:31 p.m. | 3 views

GHSA-9G95-48C6-R778 Livewire Filemanager does not restrict uploaded file types

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

CVSS 7.5 | AI score 5.3 | EPSS 0.00018
Exploits: 0 | References: 5
GitHub Security Blog
added 2026/01/16 3:31 p.m. | 12 views

Livewire Filemanager does not restrict uploaded file types

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

CVSS 9.8 | AI score 5.3 | EPSS 0.00018
Exploits: 0 | References: 6 | Affected Software: 1
Snyk
added 2026/01/16 1:53 p.m. | 8 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection in the LivewireFilemanagerComponent.php process due to missing file type and MIME validation. An attacker can execute arbitrary code by uploading a malicious PHP file and accessing it via the /storage/ URL. This...

CVSS 9.8 | AI score 6.6 | EPSS 0.00018
Exploits: 0 | References: 2
OSV
added 2026/01/16 1:16 p.m. | 1 view

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

CVSS 9.8 | AI score 5.3
Exploits: 0 | References: 3
NVD
added 2026/01/16 1:16 p.m. | 5 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

CVSS 9.8 | EPSS 0.00018
Exploits: 0 | References: 3
Cvelist
added 2026/01/16 12:43 p.m. | 25 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

EPSS 0.00018
Exploits: 0 | References: 2
ATTACKERKB
added 2026/01/16 12:43 p.m. | 4 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

CVSS 9.8 | AI score 5.5 | EPSS 0.00018
Exploits: 0 | References: 3
CVE
added 2026/01/16 12:43 p.m. | 21 views

CVE-2025-14894

CVE-2025-14894 concerns Livewire Filemanager used with Laravel. The component LivewireFilemanagerComponent.php reportedly skips file type and MIME validation, enabling Remote Code Execution via uploading a malicious PHP file that, if a storage link/setup is present, can be executed through the /s...

CVSS 9.8 | AI score 6.7 | EPSS 0.00018
Exploits: 0 | References: 3 | Affected Software: 1