CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

In Afian Filerun 20220202 Changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...

9.8CVSS7.8AI score0.08286EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:45 p.m.•7 views

CVE-2022-30469

In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata" in /?module=fileman=get=grid leads to SQL injection...

8.8CVSS7.5AI score0.01435EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 7:54 p.m.•7 views

CVE-2021-35506

Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action...

6.1CVSS6AI score0.00281EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 7:54 p.m.•5 views

CVE-2021-35503

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...

6.1CVSS5.7AI score0.0024EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 6:37 p.m.•9 views

CVE-2021-35504

Afian FileRun 2021.03.26 allows Remote Code Execution by administrators via the Check Path value for the ffmpeg binary...

7.2CVSS7.7AI score0.09455EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 7:23 a.m.•7 views

CVE-2018-7735

Afian FileRun before 2018.02.13 suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata=cpanel=listfiletypes request...

7.2CVSS8.1AI score0.00859EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 3:59 a.m.•2 views

CVE-2018-7734

Afian FileRun before 2018.02.13 suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users=cpanel=list request...

7.2CVSS8.1AI score0.00859EPSS

Exploits1References1

CNNVD•added 2023/12/06 12:0 a.m.•1 views

Afian FileRun security vulnerability

Afian FileRun is a full-featured web-based file manager. A security vulnerability exists in Afian FileRun that stems from a stored cross-site scripting vulnerability that allows an attacker to inject JavaScript code that executes when a user clicks on a carefully crafted shared link...

5.4CVSS5.4AI score0.00071EPSS

Exploits1References2

CNNVD•added 2023/12/06 12:0 a.m.•3 views

Afian FileRun security vulnerability

Afian FileRun is a full-featured web-based file manager. A security vulnerability exists in Afian FileRun that stems from the presence of a corrupted access control issue that allows an attacker to delete comments on files uploaded by other users...

4.3CVSS5AI score0.00053EPSS

Exploits1References2

CNVD•added 2022/06/08 12:0 a.m.•18 views

Afian Filerun SQL Injection Vulnerability (CNVD-2022-68943)

Afian FileRun is a full-featured web-based file manager. sql injection vulnerability exists in Afian Filerun version 20220202, which stems from a lack of cleanup of the POST parameter metadata in the /?module=fileman§ion=get&page=grid page. An attacker could exploit this vulnerability to cause SQ...

8.8CVSS5AI score0.01435EPSS

Exploits1References1