31 matches found
EUVD-2012-5092
Malware in sbrugna...
EUVD-2015-4483
Malware in sbrugna...
EUVD-2015-4482
Malware in sbrugna...
CVE-2024-46086
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/filemanager/delete/123...
CVE-2024-46086
Summary: CVE-2024-46086 affects FrogCMS v0.9.5 with a Cross-Site Request Forgery (CSRF) vulnerability exploitable through the API endpoint /admin/?/plugin/file_manager/delete/123. The Red Hat, NVD, CVE lists corroborate the issue as CSRF with high impact metrics (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U...
CVE-2024-46362
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/filemanager/createdirectory...
CVE-2024-46085
FrogCMS v0.9.5 is affected by a Cross-Site Request Forgery (CSRF) vulnerability exploitable via the /admin/?/plugin/file_manager/rename endpoint. Root cause: CSRF allows unauthorized actions (e.g., file rename) from authenticated sessions. Impact details in the sources indicate potential for unau...
CVE-2024-8165
A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/filemanager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit i...
Everbrite BeikeShop Path Traversal Vulnerability
Everbrite BeikeShop is an e-commerce system from China Everbright Everbrite. A path traversal vulnerability exists in Everbrite BeikeShop 1.5.5 and earlier versions, which originates in the exportZip function of file /admin/filemanager/export, where manipulation of the parameter path can lead to...
CVE-2024-42630
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/filemanager/createfile...
CVE-2023-29657
eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions...
CVE-2023-2678
The CVE-2023-2678 entry concerns SourceCodester File Tracker Manager System 1.0. The vulnerability affects the file /file_manager/admin/save_user.php in the POST Parameter Handler, where manipulating the firstname parameter leads to cross-site scripting (XSS). Exploitation is remote and the explo...
PT-2023-22197 · Contao · Contao
Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.9.40; Contao versions prior to 4.13.21; Contao versions prior to 5.1.4. Description: Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary...
Relative Path Traversal to Remote Code Execution
Description: Pandora FMS v7.0NG.759 allows relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to Remote Code Execution with running application privilege...
CVE-2018-18824
WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/filemanager/browse/...
Design/Logic Flaw
WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/filemanager/browse/...
CVE-2018-18824
WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/filemanager/browse/...
CVE-2018-18824
Affected software: WolfCMS 0.8.3.1. Vulnerability: Stored/reflected XSS via an SVG file to /?/admin/plugin/file_manager/browse/ as described in CVE-2018-18824. Root cause / details: Not explicitly stated beyond the XSS vector in the provided documents. Impact (as stated): XSS could affect the adm...
ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user privilege. The 'Upload files' section in the 'File Manager'...
CVE-2018-20775
admin/?/plugin/filemanager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI...