Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:39 a.m.8 views

CVE-2022-40797

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDENUPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations...

9.8CVSS7.6AI score0.02555EPSS
Exploits3References1
Packet Storm
Packet Storm
added 2022/11/21 12:0 a.m.615 views

Roxy Fileman 1.4.6 Remote Shell Upload

Exploit Title: Roxy Fileman Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20210126213412/https://roxyfileman.com/download.php?f=1.4.6-php Version: \t\n' banner += '\t\t\t\t\t\t\n' banner += '\n' parser = OptionParser parser.addoption"-u", "--url", dest="url", help="u...

9.8CVSS9.7AI score0.02555EPSS
Exploits3
0day.today
0day.today
added 2022/11/21 12:0 a.m.321 views

Roxy Fileman 1.4.6 Remote Shell Upload Exploit

Exploit Title: Roxy Fileman Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20210126213412/https://roxyfileman.com/download.php?f=1.4.6-php Version: \t\n' banner += '\t\t\t\t\t\t\n' banner += '\n' parser = OptionParser parser.addoption"-u", "--url", dest="url", help="u...

9.8CVSS0.1AI score0.02555EPSS
Exploits3
Vulnrichment
Vulnrichment
added 2022/11/09 12:0 a.m.7 views

CVE-2022-40797

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDENUPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations...

9.9AI score0.02555EPSS
Exploits3References4
CVE
CVE
added 2022/11/09 12:0 a.m.99 views

CVE-2022-40797

CVE-2022-40797 affects Roxy Fileman 1.4.6. The vulnerability is a remote code execution via uploading a .phar file, because conf.json’s FORBIDDEN_UPLOADS setting only blocks .php, .php4, and .php5. In some web-server configurations visiting a .phar file can execute the PHP interpreter, enabling a...

9.8CVSS9.6AI score0.02555EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder