35 matches found

RedhatCVE
added 2026/01/09 10:56 a.m., 2 views

CVE-2022-38296

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager...

9.8 CVSS, 7.6 AI score, 0.60925 EPSS
Exploits 1, References 1

RedhatCVE
added 2026/01/09 9:58 a.m., 8 views

CVE-2020-7935

Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create or use an existing directory that is externally accessible to store PHP files. The filename and the exac...

7.2 CVSS, 7.2 AI score, 0.00443 EPSS
Exploits 1, References 1

EUVD
added 2025/12/19 9:5 p.m., 4 views

EUVD-2025-204594

Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server...

8.8 CVSS, 7.8 AI score, 0.00166 EPSS
Exploits 0, References 4

Positive Technologies
added 2025/12/17 12:0 a.m., 2 views

PT-2025-51966

Name of the Vulnerable Software and Affected Versions: PHPFusion version 9.10.30. Description: The software contains a stored cross-site scripting issue in the file manager. Attackers can upload malicious SVG files containing embedded JavaScript. These files, when viewed, can execute arbitrary...

5.4 CVSS, 6.2 AI score, 0.00025 EPSS
Exploits 1, References 6

OSV
added 2025/11/10 11:15 p.m., 2 views

CVE-2025-63678

An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file...

7.2 CVSS, 6.1 AI score, 0.00125 EPSS
Exploits 1, References 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-6457

Malware in sbrugna...

4.3 CVSS, 5.2 AI score, 0.00152 EPSS
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-9800

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.00204 EPSS
Exploits 3, References 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2006-6239

Malware in sbrugna...

6.8 CVSS, 6.4 AI score, 0.02467 EPSS
Exploits 0, References 10

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-1294

Malicious code in bioql PyPI...

6.5 CVSS, 6.5 AI score, 0.00578 EPSS
Exploits 0, References 7

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2021-8696

Malicious code in bioql PyPI...

9.1 CVSS, 7.9 AI score, 0.0037 EPSS
Exploits 1, References 1

CNNVD
added 2025/09/16 12:0 a.m., 1 views

osCommerce Security Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license from osCommerce, Inc. A security vulnerability exists in osCommerce 2.2 RC2a and earlier versions, which stems from a lack of input validation and access control in the Manage File Manager tool, and could...

9.3 CVSS, 6.9 AI score, 0.76356 EPSS
Exploits 0, References 6

CVE
added 2025/08/04 6:4 p.m., 22 views

CVE-2013-10054

CVE-2013-10054 affects LibrettoCMS (1.1.7 and possibly earlier) via the File Manager plugin. The upload handler at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php does not properly validate file extensions, allowing unauthenticated upload of files that can be renamed to executable .php s...

9.3 CVSS, 7.7 AI score, 0.83833 EPSS
Exploits 0, References 5

Snyk
added 2025/07/18 3:31 p.m., 4 views

Arbitrary File Upload

Overview: simogeo/filemanager is an open-source file manager. This package is DEPRECATED. Affected versions of this package are vulnerable to Arbitrary File Upload via the isallowedfiletype function. An attacker can achieve remote code execution by uploading a specially crafted PHP file. Remediati...

9.8 CVSS, 8.2 AI score, 0.01447 EPSS
Exploits 1, References 2

NVD
added 2025/07/07 3:15 a.m., 4 views

CVE-2025-7108

A vulnerability classified as critical was found in risesoft-y9 Digital-Infrastructure up to 9.6.7. Affected by this vulnerability is the function deleteFile of the file...

5.5 CVSS, 0.00282 EPSS
Exploits 0, References 4

RedhatCVE
added 2025/05/23 5:31 a.m., 5 views

CVE-2023-29200

Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao...

6.5 CVSS, 6.6 AI score, 0.00578 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 7:8 p.m., 5 views

CVE-2021-20651

Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors...

9.1 CVSS, 7.2 AI score, 0.01227 EPSS
Exploits 0, References 1

Metasploit
added 2025/03/28 6:50 p.m., 399 views

CmsMadeSimple Authenticated File Manager RCE

CMS Made Simple use exploit/multi/http/cmsmsfilemanagerauthrce msf exploitcmsmsfilemanagerauthrce show targets ...targets... msf exploitcmsmsfilemanagerauthrce set TARGET msf exploitcmsmsfilemanagerauthrce show options ...show and set options... msf exploitcmsmsfilemanagerauthrce exploit This...

8.8 CVSS, 8.3 AI score, 0.65059 EPSS
Exploits 3

Vulnrichment
added 2024/05/28 7:21 p.m., 11 views

CVE-2023-46694

Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality...

7.4 AI score, 0.09077 EPSS
Exploits 1, References 1

Cvelist
added 2024/04/09 1:48 p.m., 12 views

CVE-2024-28190 Contao core bundle vulnerable to cross site scripting in the file manager

Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files back end and front end, which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 an...

5.4 CVSS, 5.7 AI score, 0.00987 EPSS
Exploits 0, References 4

BDU FSTEC
added 2024/03/22 12:0 a.m., 1 views

The vulnerability of the Adobe Bridge file manager, related to writing beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.

The vulnerability of the Adobe Bridge file manager is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8 CVSS, 6.1 AI score, 0.01923 EPSS
Exploits 0, References 3, Affected Software 1