CVE-2020-27386

An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code e.g., ASP code in the form of a safe file type e.g., a TXT file, and then using the FileEditor in v1.5.8...

CVE-2020-27387

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...

CVE-2020-27387

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...

Unrestricted file upload

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...

Directory Traversal

unisharp/laravel-filemanager is vulnerable to directory traversal. Lack of validation of the workingdir parameter allows a remote attacker to access arbitrary system files using the ../ characters...

filemanager-awt.ch Cross Site Scripting vulnerability OBB-1278650

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

CVE-2020-14042

PRODUCT NOT SUPPORTED WHEN ASSIGNED A Cross Site Scripting XSS vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no...

CVE-2020-14042

PRODUCT NOT SUPPORTED WHEN ASSIGNED A Cross Site Scripting XSS vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no...

RiteCMS Remote Code Execution Vulnerability (CNVD-2020-48654)

RiteCMS is a lightweight open source web content management system CMS based on PHP and SQLite. A security vulnerability exists in RiteCMS version 2.2.1. An attacker can exploit the vulnerability by uploading a PHP web shell in 'Filemanager' to execute system commands...

CVE-2020-23934

An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section...

CVE-2020-23934

An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section...

RiteCMS 2.2.1 - Authenticated Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: RiteCMS 2.2.1 - Authenticated Remote Code Execution Exploit Author: Enes Özeser Vendor Homepage: http://ritecms.com/ Version: 2.2.1 Tested on: Linux 1- Go to following url. http://HOST/cms/ 2- Default username and password is...

TecRail Responsive Filemanager Directory Traversal (CVE-2018-15535)

A directory traversal vulnerability exists in tecrail responsive filemanager x9.13.4. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...

CVE-2020-11455

LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php...

CVE-2020-11455

LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php...

Path traversal

LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php...

CVE-2020-11455

LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php...

Tecrail Responsive FileManager Cross-Site Scripting Vulnerability (CNVD-2020-22199)

Tecrail Responsive FileManager is an open source file manager written in PHP by Tecrail Italy. The product supports the uploading and management of videos, images or other files. A cross-site scripting vulnerability exists in the dialog.php page in Tecrail Responsive FileManager 9.14.0 and earlie...

CVE-2020-11106

An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $SESSION'RF'"viewtype" wasn't sanitized if it was already set. This made stored XSS possible if one opens ajaxcalls.php and uses the "view" action and places a payload in the type...

CVE-2020-11106

An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $SESSION'RF'"viewtype" wasn't sanitized if it was already set. This made stored XSS possible if one opens ajaxcalls.php and uses the "view" action and places a payload in the type...