Lucene search

708 matches found

Vulnrichment
added 2026/01/16 12:43 p.m. | 1 view

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

6.7 AI score | 0.00018 EPSS
Exploits 0 | References 2

Positive Technologies
added 2026/01/16 12:0 a.m. | 4 views

PT-2026-3246

Name of the Vulnerable Software and Affected Versions: Livewire Filemanager, affected versions not specified. Description: Livewire Filemanager, commonly used in Laravel applications, contains a flaw in LivewireFilemanagerComponent.php where it does not perform adequate file type and MIME validation...

10 CVSS | 6 AI score | 0.00018 EPSS
Exploits 0 | References 26

CNNVD
added 2026/01/16 12:0 a.m. | 1 view

Livewire Filemanager security vulnerabilities

Livewire Filemanager is an open-source file management software developed by Livewire. There is a security vulnerability in Livewire Filemanager, which stems from the lack of file type and MIME validation in the LivewireFilemanagerComponent.php file. This vulnerability may allow remote code...

9.8 CVSS | 6.6 AI score | 0.00018 EPSS
Exploits 0 | References 4

CERT
added 2026/01/16 12:0 a.m. | 6 views

Livewire Filemanager contains an insecure .php component that allows for unauthenticated RCE in Laravel Products

Overview: A vulnerability, tracked as CVE-2025-14894, has been discovered within Livewire Filemanager, a tool designed for usage within Laravel applications. The Livewire Filemanager tool allows for users to upload various files, including PHP files, and host them within the Laravel application...

9.8 CVSS | 8.2 AI score | 0.00018 EPSS
Exploits 0 | References 2

RedhatCVE
added 2026/01/09 12:17 p.m. | 7 views

CVE-2018-10523

CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage vulnerability via /modules/DesignManager/action.ajaxgettemplates.php, /modules/DesignManager/action.ajaxgetstylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php...

5.3 CVSS | 6.7 AI score | 0.00477 EPSS
Exploits 1 | References 1

RedhatCVE
added 2026/01/09 9:51 a.m. | 8 views

CVE-2020-10212

upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the...

9.8 CVSS | 6.8 AI score | 0.90732 EPSS
Exploits 6 | References 1

RedhatCVE
added 2026/01/09 9:50 a.m. | 2 views

CVE-2020-10681

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1files to admin/moduleinterface.php...

5.4 CVSS | 5.6 AI score | 0.00415 EPSS
Exploits 1 | References 1

EUVD
added 2025/12/28 6:30 p.m. | 3 views

EUVD-2025-205521

A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to laun...

5.8 CVSS | 6.3 AI score | 0.00024 EPSS
Exploits 1 | References 5

OSV
added 2025/12/28 4:15 p.m. | 0 views

CVE-2025-15143

A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to laun...

7.2 CVSS | 5.6 AI score | 0.00024 EPSS
Exploits 1 | References 4

Cvelist
added 2025/12/28 4:2 p.m. | 20 views

CVE-2025-15143 EyouCMS Backend Template Management FilemanagerLogic.php sql injection

A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to laun...

5.8 CVSS | 0.00024 EPSS
Exploits 1 | References 4

CVE
added 2025/12/28 4:2 p.m. | 9 views

CVE-2025-15143

CVE-2025-15143 affects EyouCMS up to 1.7.6. The vulnerability is in /application/admin/logic/FilemanagerLogic.php (Backend Template Management) where the manipulation of the content parameter enables SQL injection. Exploitation can be remote, and an exploit has been publicly released. The vendor ...

7.2 CVSS | 5 AI score | 0.00024 EPSS
Exploits 1 | References 4 | Affected Software 1

CNNVD
added 2025/12/28 12:0 a.m. | 1 view

EyouCMS SQL injection vulnerability

EyouCMS is an open source content management system (CMS) based on ThinkPHP, developed by Eyou of China. EyouCMS 1.7.6 and earlier versions contain a SQL injection vulnerability, which stems from improper handling of the content parameter in the file /application/admin/logic/FilemanagerLogic.php,...

7.2 CVSS | 5.7 AI score | 0.00024 EPSS
Exploits 1 | References 5

RedhatCVE
added 2025/12/24 12:48 a.m. | 7 views

CVE-2025-51511

Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads...

9.8 CVSS | 7.2 AI score | 0.002 EPSS
Exploits 1 | References 1

OSV
added 2025/12/23 6:30 p.m. | 2 views

GHSA-QX44-P258-3C2V Cadmium CMS has a background arbitrary file upload vulnerability

Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads...

8.7 CVSS | 7.1 AI score | 0.002 EPSS
Exploits 1 | References 3

CVE
added 2025/12/23 12:0 a.m. | 6 views

CVE-2025-51511

Cadmium CMS v0.4.9 is affected by a background arbitrary file upload vulnerability at /admin/content/filemanager/uploads. The issue allows an attacker to upload crafted files via that endpoint, with potential to upload malicious files and even execute arbitrary code according to Snyk’s descriptio...

9.8 CVSS | 6.9 AI score | 0.002 EPSS
Exploits 1 | References 1 | Affected Software 1

RedhatCVE
added 2025/12/11 10:1 p.m. | 3 views

CVE-2024-58279

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by...

8.8 CVSS | 8.2 AI score | 0.00615 EPSS
Exploits 1 | References 1

EUVD
added 2025/12/11 12:30 a.m. | 1 view

EUVD-2024-55319

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by...

8.6 CVSS | 7.7 AI score | 0.00615 EPSS
Exploits 1 | References 5

Snyk
added 2025/12/10 9:46 p.m. | 4 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the filemanager upload endpoint. An attacker can execute arbitrary code on the server by uploading a crafted PHP file through authenticated access. Remediation: There is no fixed version for apprain/apprain...

8.8 CVSS | 7.8 AI score | 0.00615 EPSS
Exploits 1 | References 2

CVE
added 2025/12/10 9:12 p.m. | 15 views

CVE-2024-58279

CVE-2024-58279 affects appRain CMF 4.0.5. An authenticated administrator can upload a crafted PHP file via the filemanager/upload endpoint, leading to remote code execution and the potential formation of a web shell with command execution in the uploads directory. Multiple connected sources corro...

8.8 CVSS | 7.8 AI score | 0.00615 EPSS
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2025/12/10 9:12 p.m. | 16 views

CVE-2024-58279 appRain CMF 4.0.5 Authenticated Remote Code Execution via Filemanager Upload

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by...

8.6 CVSS | 0.00615 EPSS
Exploits 1 | References 4