5 matches found
CVE-2025-10232 299ko FileManagerAPIController.php delete path traversal
A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has...
CVE-2025-52922
Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: 1 fully map the filesystem structure via the /api/filemanager/files?basefolder= endpoint, 2 create arbitrary directories on the server via...
CVE-2025-52922
Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: 1 fully map the filesystem structure via the /api/filemanager/files?basefolder= endpoint, 2 create arbitrary directories on the server via...
PT-2025-26593 · Innoshop · Innoshop
Name of the Vulnerable Software and Affected Versions: Innoshop versions 0.4.1 and earlier Description: The issue allows directory traversal via FileManager API endpoints, such as "/api/file manager/files?base folder=", "/api/file manager/directories", "/api/file manager/copy files", and "/api/fi...
CVE-2025-52922
Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: 1 fully map the filesystem structure via the /api/filemanager/files?basefolder= endpoint, 2 create arbitrary directories on the server via...