23 matches found
EUVD-2026-23444
A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the component File Upload Handler. This manipulation of the argument uploadurl causes server-side request...
EUVD-2026-23437
A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...
CVE-2026-6497
A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the component File Upload Handler. This manipulation of the argument uploadurl causes server-side request...
CVE-2026-6496
A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...
EUVD-2013-1889
Malware in sbrugna...
Relative Path Traversal
Overview simogeo/filemanager is an open-source file manager. This package is DEPRECATED. Affected versions of this package are vulnerable to Relative Path Traversal via the filemanager.php endpoint. An attacker can access files outside the intended directory by sending a crafted HTTP request...
CVE-2013-1891
In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed...
CVE-2013-1891
OpenCart 1.4.7–1.5.5.1 contains a directory traversal vulnerability in filemanager.php where the anti-traversal check is ineffective and can be bypassed. This affects code handling file paths, enabling potential access outside the intended directory structure. The CVE notes indicate an impact on ...
Codiad Remote Command Execution Vulnerability
Codiad is a web-based IDE framework developed by U.S. software developer Kent Safranski. It contains a project/file manager and a code editor, and is mainly used for writing and editing code online. A remote command execution vulnerability exists in the components/filemanager/class.filemanager.ph...
CVE-2015-1041
CVE-2015-1041 Affects: e107 CMS, version 1.0.4. Issue: Cross-site scripting (XSS) in e107_admin/filemanager.php allows remote attackers to inject arbitrary web script/HTML via the e107_files/ path in the QUERY_STRING. Root cause: insufficient input validation/escaping of the file path parameter. I...
OpenCart 1.5.5.1 (filemanager.php) - Directory Traversal Arbitrary File Access
No description provided by source. waraxe-2013-SA098 - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1. Author: Janek Vind waraxe. Date: 19. March 2013. Location: Estonia, Tartu. Web:...
PLESK 7.5/7.6 - Filemanager.PHP Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20155/info PLESK is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system...
CVE-2014-3975
Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter...
CVE-2014-3975
CVE-2014-3975 describes an absolute path traversal in AuraCMS 3.0, exploitable through filemanager.php via a full pathname in the viewdir parameter, allowing remote attackers to list directories. The vulnerability is documented across multiple sources (NVD/Red Hat/CVE list), with the core issue b...
CVE-2014-3974
AuraCMS 3.0 and earlier is affected by an XSS in filemanager.php (via the viewdir parameter). The vulnerability stems from unsanitized input in viewdir, enabling injection of arbitrary script/HTML. Affected product is AuraCMS; version scope is 3.0 and earlier. Public references indicate the issue...
OpenCart 1.5.5.1 - 'FileManager.php' Directory Traversal Arbitrary File Access
waraxe-2013-SA098 - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1. Author: Janek Vind "waraxe". Date: 19. March 2013. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-98.html Description of vulnerabl...
OpenCart 1.5.5.1 - FileManager.php Directory Traversal Arbitrary File Access
waraxe-2013-SA098 - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1. Author: Janek Vind "waraxe". Date: 19. March 2013. Location:...
Flatnux 2009-01-27 Remote File Inclusion
@ flatnux Flatnux-2009-01-27 RFI zależności P + Alfons Luja + 2009 + grts : All friends VULN : +++ include/theme.php ... ?php if eregi"theme.php", $SERVER'PHPSELF' die; // 0 -- I dont give a fuck global $theme, $FNROOTPATH,$lang; //-- 1 global $forumback, $forumborder;...
Flatnux 2009-01-27 - Remote File Inclusion
@ flatnux Flatnux-2009-01-27 RFI zależności P + Alfons Luja + 2009 + grts : All friends VULN : +++ include/theme.php ... ?php if eregi"theme.php", $SERVER'PHPSELF' die; // 0 -- I dont give a fuck global $theme, $FNROOTPATH,$lang; //-- 1 global $forumback, $forumborder;...