3 matches found
CVE-2024-5673
CVE-2024-5673 affects Dulldusk’s PHP File Manager v1.7.8. The vulnerability is a cross-site scripting (XSS) flaw that can be triggered via the fm_current_dir parameter of index.php. An attacker could deliver a crafted JavaScript payload to an authenticated user, enabling partial hijacking of tha...
CVE-2023-53894
CVE-2023-53894 (phpfm 1.7.9) is an authentication-bypass vulnerability caused by loose type comparison in the password hash validation (checkPassword). An attacker can craft password hashes starting with 0e or 00e to bypass login and upload malicious PHP files. The issue is documented across mult...
CVE-2019-25632
CVE-2019-25632 affects phpFileManager 1.7.8. The vulnerability is a local file inclusion that lets unauthenticated attackers read arbitrary server files by manipulating the action, fm_current_dir, and filename parameters in index.php. Attackers can send crafted GET requests to index.php to access...