2 matches found
CVE-2025-52995
CVE-2025-52995 concerns File Browser’s command execution allowlist bypass. The bug, present before version 2.33.10, stems from a regex-based allowlist check that uses partial matches, enabling an attacker with the Execute Commands permission to run additional shell commands beyond those explicitl...
CVE-2025-52995 File Browser vulnerable to command execution allowlist bypass
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the allowlist is erroneous, allowing a user to execute more shell commands than they are authorized fo...