708 matches found

Prion
added 2019/07/26 1:15 p.m., 16 views

Design/Logic Flaw

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log...

CVSS 4, AI score 4.7, EPSS 0.00764
Exploits 3, References 3, Affected Software 1

CVE
added 2019/07/26 12:6 p.m., 330 views

CVE-2019-13386

CVE-2019-13386 affects CentOS Web Panel (CWP) version 0.9.8.846. A hidden action=9 in filemanager2.php enables an attacker to execute shell commands, potentially obtaining a reverse shell with the user’s privileges. Exploitation details and references across multiple sources corroborate this remo...

CVSS 8.8, AI score 8.6, EPSS 0.02154
Exploits 3, References 3, Affected Software 1

Cvelist
added 2019/07/26 12:5 p.m., 18 views

CVE-2019-13385

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log...

AI score 4.7, EPSS 0.00764
Exploits 3, References 3

Positive Technologies
added 2019/07/26 12:0 a.m., 2 views

PT-2019-13305 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.846 Description: A hidden feature in the filemanager2.php file allows attackers to execute shell commands, potentially obtaining a reverse shell with user privileges. Recommendations: For version 0.9.8.846,...

CVSS 8.8, AI score 8.7, EPSS 0.02154
Exploits 3, References 4

OSV
added 2019/07/03 4:15 p.m., 8 views

CVE-2019-10717

BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter...

CVSS 7.1, AI score 6.8
Exploits 0, References 3

Prion
added 2019/07/03 4:15 p.m., 12 views

Directory traversal

BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter...

CVSS 5.5, AI score 6.9, EPSS 0.11789
Exploits 5, References 3, Affected Software 1

Cvelist
added 2019/05/21 5:29 p.m., 13 views

CVE-2019-12190

XSS was discovered in CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fmcurrentdir or filename parameter...

AI score 5.3, EPSS 0.00206
Exploits 1, References 1

NVD
added 2019/04/30 7:29 p.m., 9 views

CVE-2019-11193

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMDFILEMANAGER, CMDSHOWUSER, and CMDSHOWRESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel...

CVSS 6.8, AI score 8.5, EPSS 0.01231
Exploits 5, References 3

OSV
added 2019/04/30 7:29 p.m., 0 views

CVE-2019-11193

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMDFILEMANAGER, CMDSHOWUSER, and CMDSHOWRESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel...

CVSS 6.1, AI score 5.8
Exploits 0, References 3

Cvelist
added 2019/04/30 6:36 p.m., 11 views

CVE-2019-11193

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMDFILEMANAGER, CMDSHOWUSER, and CMDSHOWRESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel...

AI score 8.6, EPSS 0.01231
Exploits 5, References 3

Positive Technologies
added 2019/04/30 12:0 a.m., 3 views

PT-2019-12174

Name of the Vulnerable Software and Affected Versions InfinitumIT DirectAdmin versions prior to v1.561 Description The issue concerns the FileManager in InfinitumIT DirectAdmin, where an attacker can exploit XSS via CMD FILE MANAGER, CMD SHOW USER, and CMD SHOW RESELLER. This allows the attacker ...

CVSS 6.8, AI score 6.3, EPSS 0.01231
Exploits 5, References 6

CNVD
added 2019/03/08 12:0 a.m., 1 views

Bolt Arbitrary PHP Code Execution Vulnerability

Bolt is a simple CMS written in PHP. An arbitrary PHP code execution vulnerability exists in Controller/Async/FilesystemManager.php in filemanager in versions prior to Bolt 3.6.5. A remote attacker can execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension...

CVSS 8.8, AI score 9.1, EPSS 0.01035
Exploits 1, References 1

NVD
added 2019/03/07 11:29 p.m., 10 views

CVE-2019-9185

Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension...

CVSS 8.8, AI score 9, EPSS 0.01035
Exploits 1, References 4

OSV
added 2019/03/07 11:29 p.m., 14 views

CVE-2019-9185

Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension...

CVSS 8.8, AI score 7.8
Exploits 0, References 4

Cvelist
added 2019/03/07 10:0 p.m., 11 views

CVE-2019-9185

Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension...

AI score 9, EPSS 0.01035
Exploits 1, References 4

CVE
added 2019/03/07 10:0 p.m., 151 views

CVE-2019-9185

Bolt CMS prior to 3.6.5 is affected by a vulnerability in the filemanager’s Controller/Async/FilesystemManager.php that allows remote code execution by renaming a previously uploaded file to have a .php extension. Public references indicate the fix was released in Bolt 3.6.5 (see Bolt v3.6.5 rele...

CVSS 8.8, AI score 8.9, EPSS 0.01035
Exploits 1, References 4, Affected Software 1

Prion
added 2019/02/25 6:29 a.m., 13 views

Default credentials

tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the mediapreview action...

CVSS 4.3, AI score 5.9, EPSS 0.00328
Exploits 1, References 1, Affected Software 1

OSV
added 2019/02/25 6:29 a.m., 11 views

CVE-2018-20791

tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the mediapreview action...

CVSS 6.1, AI score 5.8
Exploits 0, References 1

NVD
added 2019/02/25 6:29 a.m., 8 views

CVE-2018-20793

tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths0 path traversal mitigation bypass, through the createfile action in execute.php...

CVSS 7.5, AI score 7.6, EPSS 0.01378
Exploits 1, References 1

NVD
added 2019/02/25 6:29 a.m., 7 views

CVE-2018-20790

tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths0 path traversal mitigation bypass through the deletefile action in execute.php...

CVSS 7.5, AI score 7.6, EPSS 0.00634
Exploits 1, References 1