6 matches found
CVE-2026-33477
CVE-2026-33477 affects FileRise (self-hosted file manager). A server-side authorization flaw in the /api/file/snippet.php endpoint allows an authenticated user with only read_own access to retrieve snippet content from files uploaded by other users within the same folder. The issue exists in vers...
CVE-2026-33072
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...
CVE-2026-33071
CVE-2026-33071 concerns FileRise, a self-hosted web file manager/WebDAV server. Affected versions prior to 3.8.0 allow WebDAV uploads to bypass the filename validation enforced by the regular upload path, since createFile() and put() accept filenames directly from the WebDAV client without valida...
CVE-2026-33070 FileRise has Unauthenticated Share Link Deletion
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...
FileRise 访问控制错误漏洞
FileRise is a lightweight, self-hosted web-based file manager developed by Ryan. Versions of FileRise prior to 3.8.0 contained an access control vulnerability caused by a lack of authentication in the deleteShareLink endpoint. This vulnerability could lead to arbitrary shared links being deleted...
PT-2025-42793
Name of the Vulnerable Software and Affected Versions FileRise versions prior to 1.5.0 Description FileRise is a self-hosted web-based file manager offering multi-file upload, editing, and batch operations. A regression in version 1.4.0 permitted the inference of folder visibility and ownership...