CVE-2021-47949

CVE-2021-47949 affects CyberPanel 2.1 and enables authenticated remote code execution via a symlink attack in the filemanager endpoint. An attacker can modify the completeStartingPath in POST requests to /filemanager/controller to create symbolic links, read sensitive files (e.g., database creden...

EUVD-2024-55319

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the filemanager upload endpoint. An attacker can execute arbitrary code on the server by uploading a crafted PHP file through authenticated access. Remediation There is no fixed version for apprain/apprain...

appRain CMF cross-site scripting vulnerability (CNVD-2025-20912)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user-supplied input on the /appain/admin/filemanager endpoint, which can be exploited by an attacker to steal a victim's cookie-based authentication credentials...

appRain CMF 跨站脚本漏洞

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user-supplied input on the /appain/admin/filemanager endpoint, which can be exploited by an attacker to steal a victim's cookie-based authentication credentials...