CyberPanel 后置链接漏洞

CyberPanel is a virtual hosting control panel developed by Usman Nasir, which includes DNS and email servers. Version 2.1 of CyberPanel has a post-backlink vulnerability. This vulnerability stems from an issue with the filemanager controller endpoint, where command execution is possible. This cou...

Livewire Filemanager security vulnerabilities

Livewire Filemanager is an open-source file management software developed by Livewire. There is a security vulnerability in Livewire Filemanager, which stems from the lack of file type and MIME validation in the LivewireFilemanagerComponent.php file. This vulnerability may allow remote code...

CVE-2020-10681

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1files to admin/moduleinterface.php...

EUVD-2019-4881

Malware in sbrugna...

EUVD-2018-13337

Malware in sbrugna...

EUVD-2018-13335

Malware in sbrugna...

Directory Traversal

simogeo/filemanager is vulnerable to Directory Traversal. The vulnerability is due to improper input validation caused by the filemanager.php endpoint failing to sanitize user input in crafted HTTP requests, allowing attackers to traverse directories...

CVE-2025-46002

An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...

CVE-2025-46000

An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...

Relative Path Traversal

Overview simogeo/filemanager is an open-source file manager. This package is DEPRECATED. Affected versions of this package are vulnerable to Relative Path Traversal via the filemanager.php endpoint. An attacker can access files outside the intended directory by sending a crafted HTTP request...

Filemanager is vulnerable to Relative Path Traversal through filemanager.php

An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...

GHSA-R7Q6-6FMQ-MX4C Filemanager is vulnerable to Relative Path Traversal through filemanager.php

An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...

GHSA-M5HW-RHVR-F47C simogeo/filemanager arbitrary file upload vulnerability

An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2025-46000

An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...

CVE-2025-46002

An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...

CVE-2025-46002

An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...

CVE-2025-46001

An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

FileManager 安全漏洞

FileManager is a file manager in Backpack for Laravel open source. A security vulnerability exists in Filemanager version c75b914 v.2.5.0, which stems from improper file upload functionality and could lead to the execution of arbitrary code...

CVE-2025-46002

An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...

CVE-2025-46000

CVE-2025-46000 affects Filemanager v2.5.0: the component /rsc/filemanager.rsc.class.php contains an arbitrary file upload vulnerability that allows arbitrary code execution when a crafted SVG is uploaded. Root cause is insecure file upload handling in that module. Affected software is Filemanager...