Filerun Security Vulnerabilities and Issues — Filerun CVE List

Lucene search

AfianFilerun

14 matches found

CVE•added 2019/06/20 4:15 p.m.•118 views

CVE-2019-12905

FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01.

6.1CVSS5.8AI score0.03673EPSS

CVE•added 2022/06/02 2:15 p.m.•64 views

CVE-2022-30470

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

9.8CVSS9.6AI score0.08286EPSS

CVE•added 2022/06/06 9:15 p.m.•61 views

CVE-2022-30469

In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in /?module=fileman&section=get&page=grid leads to SQL injection.

8.8CVSS9AI score0.01219EPSS

CVE•added 2019/05/30 2:29 p.m.•46 views

CVE-2019-12458

FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01.

5.3CVSS5.3AI score0.0035EPSS

CVE•added 2019/05/30 2:29 p.m.•42 views

CVE-2019-12457

FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01.

5.3CVSS5.3AI score0.0035EPSS

CVE•added 2021/10/05 12:15 p.m.•42 views

CVE-2021-35505

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.

7.2CVSS7.3AI score0.032EPSS

CVE•added 2023/12/06 1:15 a.m.•38 views

CVE-2023-28876

A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users.

4.3CVSS4.6AI score0.00053EPSS

CVE•added 2021/10/05 12:15 p.m.•37 views

CVE-2021-35503

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.

6.1CVSS6.5AI score0.0024EPSS

CVE•added 2021/10/05 1:15 p.m.•36 views

CVE-2021-35506

Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action.

6.1CVSS5.9AI score0.00281EPSS

CVE•added 2018/03/06 7:29 p.m.•35 views

CVE-2018-7734

Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request.

7.2CVSS7.4AI score0.00905EPSS

CVE•added 2018/03/06 7:29 p.m.•35 views

CVE-2018-7735

Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes request.

7.2CVSS7.4AI score0.00905EPSS

CVE•added 2019/05/30 2:29 p.m.•34 views

CVE-2019-12459

FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01.

5.3CVSS5.3AI score0.0035EPSS

CVE•added 2021/10/05 12:15 p.m.•34 views

CVE-2021-35504

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.

7.2CVSS7.3AI score0.09455EPSS

CVE•added 2023/12/06 1:15 a.m.•29 views

CVE-2023-28875

A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link.

5.4CVSS5.2AI score0.00071EPSS