
708 matches found

Prion
added 2020/03/30 10:15 p.m. | 11 views

Cross site scripting

An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION['RF']["view_type"] wasn't sanitized if it was already set. This made stored XSS possible if one opens ajax_calls.php and uses the "view" action and places a payload in the type...

CVSS 4.3 | AI score 5.8 | EPSS 0.00471
Exploits 1 | References 1 | Affected Software 1
CVE
added 2020/03/30 9:52 p.m. | 65 views

CVE-2020-11106

Responsive Filemanager up to v9.14.0 contains a stored XSS in dialog.php caused by unsanitized $_SESSION['RF']['view_type'] when ajax_calls.php sets it (and then dialog.php reads it). This allows payloads injected via the type parameter in the view action to persist across navigation to dialog.ph...

CVSS 6.1 | AI score 5.8 | EPSS 0.00471
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2020/03/30 9:52 p.m. | 13 views

CVE-2020-11106

An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION['RF']["view_type"] wasn't sanitized if it was already set. This made stored XSS possible if one opens ajax_calls.php and uses the "view" action and places a payload in the type...

AI score 6 | EPSS 0.00471
Exploits 1 | References 1
OSV
added 2020/03/20 4:15 a.m. | 1 views

CVE-2020-10682

The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file)...

CVSS 7.8 | AI score 7.6 | EPSS 0.01856
Exploits 1 | References 1
NVD
added 2020/03/20 4:15 a.m. | 13 views

CVE-2020-10682

The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file)...

CVSS 7.8 | AI score 8 | EPSS 0.01856
Exploits 1 | References 1
OSV
added 2020/03/20 4:15 a.m. | 0 views

CVE-2020-10681

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php...

CVSS 5.4 | AI score 6.1
Exploits 0 | References 1
NVD
added 2020/03/20 4:15 a.m. | 9 views

CVE-2020-10681

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php...

CVSS 5.4 | AI score 5.2 | EPSS 0.00415
Exploits 1 | References 1
Prion
added 2020/03/20 4:15 a.m. | 10 views

Remote code execution

The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file)...

CVSS 6.8 | AI score 7.9 | EPSS 0.01856
Exploits 1 | References 1 | Affected Software 1
Prion
added 2020/03/20 4:15 a.m. | 7 views

Cross site scripting

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php...

CVSS 3.5 | AI score 5 | EPSS 0.00415
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2020/03/20 3:39 a.m. | 14 views

CVE-2020-10682

The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file)...

AI score 8 | EPSS 0.01856
Exploits 1 | References 1
CVE
added 2020/03/20 3:39 a.m. | 87 views

CVE-2020-10682

CMS Made Simple Filemanager in version 2.2.13 is vulnerable to remote code execution via a crafted .php.jpegd JPEG file. An attacker can deliver PHP code by uploading a file (sent as application/octet-stream) and triggering it through admin/moduleinterface.php (e.g., using m1_files[]) to execute ...

CVSS 7.8 | AI score 7.9 | EPSS 0.01856
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2020/03/20 3:39 a.m. | 12 views

CVE-2020-10681

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php...

AI score 5.7 | EPSS 0.00415
Exploits 1 | References 1
CVE
added 2020/03/20 3:39 a.m. | 98 views

CVE-2020-10681

Summary: CVE-2020-10681 affects CMS Made Simple 2.2.13, specifically the Filemanager component, which is vulnerable to stored XSS via a .pxd file, demonstrated via m1_files[] to admin/moduleinterface.php. What’s affected: CMS Made Simple Filemanager in version 2.2.13. Root cause / vector (as stat...

CVSS 5.4 | AI score 5.6 | EPSS 0.00415
Exploits 1 | References 1 | Affected Software 1
CNVD
added 2020/03/20 12:0 a.m. | 2 views

CMS Made Simple Filemanager Remote Code Execution Vulnerability

CMS Made Simple (CMSMS) is an open source content management system (CMS) from the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism, etc. Filemanager is one of its file management components. A remote...

CVSS 7.8 | AI score 8.3 | EPSS 0.01856
Exploits 1 | References 1
CNVD
added 2020/03/20 12:0 a.m. | 2 views

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2020-21240)

CMS Made Simple (CMSMS) is an open source content management system (CMS) from the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in Filemanager...

CVSS 5.4 | AI score 6.5 | EPSS 0.00415
Exploits 1 | References 1
CNVD
added 2020/03/17 12:0 a.m. | 1 views

Tecrail Responsive FileManager Input Validation Error Vulnerability

Tecrail Responsive FileManager is an open source file manager written in PHP by Tecrail Italy. The product supports the uploading and management of videos, images or other files. A security vulnerability exists in the ajax_calls.php file in Tecrail Responsive FileManager 9.14.0 and earlier version...

CVSS 9.8 | AI score 7.2 | EPSS 0.10721
Exploits 5 | References 1
OSV
added 2020/03/14 2:15 p.m. | 11 views

CVE-2020-10567

An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the saveimg action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF...

CVSS 9.8 | AI score 7.2
Exploits 0 | References 2
NVD
added 2020/03/14 2:15 p.m. | 9 views

CVE-2020-10567

An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the saveimg action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF...

CVSS 9.8 | AI score 9.6 | EPSS 0.10721
Exploits 5 | References 2
Prion
added 2020/03/14 2:15 p.m. | 18 views

Code injection

An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the saveimg action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF...

CVSS 7.5 | AI score 9.5 | EPSS 0.10721
Exploits 5 | References 2 | Affected Software 1
Cvelist
added 2020/03/14 12:0 a.m. | 12 views

CVE-2020-10567

An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the saveimg action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF...

AI score 9.6 | EPSS 0.10721
Exploits 5 | References 2