Lucene search
+L
RoxyfilemanRoxy Fileman

6 matches found

cve
cve
added 2019/03/18 3:25 p.m.152 views

CVE-2018-20526

CVE-2018-20526 covers a vulnerability in Roxy Fileman 1.4.5 where upload.php allows unrestricted file uploads. The NVD entry documents this as a file-upload vulnerability (CVSS v2/v3 high-crit) without confirming exploit specifics. The nuclei template and related references describe it as enablin...

9.8CVSS9.4AI score0.73056EPSS
cve
cve
added 2022/11/09 12:0 a.m.99 views

CVE-2022-40797

CVE-2022-40797 affects Roxy Fileman 1.4.6. The vulnerability is a remote code execution via uploading a .phar file, because conf.json’s FORBIDDEN_UPLOADS setting only blocks .php, .php4, and .php5. In some web-server configurations visiting a .phar file can execute the PHP interpreter, enabling a...

9.8CVSS9.6AI score0.02555EPSS
Web
cve
cve
added 2019/03/18 3:21 p.m.79 views

CVE-2018-20525

CVE-2018-20525 affects Roxy Fileman 1.4.5, enabling directory traversal via copydir.php, copyfile.php, and fileslist.php. Public write-up and exploit references (e.g., Exploit-DB, PacketStorm) describe or imply abuse for arbitrary directory access via directory traversal and related upload bypass...

9.1CVSS8.3AI score0.21646EPSS
Web
cve
cve
added 2019/12/16 4:26 p.m.63 views

CVE-2019-19731

CVE-2019-19731 affects Roxy Fileman 1.4.5 for .NET. The vulnerability is a path traversal flaw that allows a remote attacker to write uploaded files to arbitrary locations via the RENAMEFILE action. Documents describe that this can enable code execution by uploading a crafted Windows shortcut fil...

7.5CVSS7.8AI score0.11617EPSS
Web
cve
cve
added 2019/04/09 5:58 p.m.53 views

CVE-2019-7174

CVE-2019-7174 pertains to Roxy Fileman 1.4.5, where attackers can trigger the server to perform file-management operations via renamefile.php, createdir.php, fileslist.php, and movefile.php. The affected component is the Fileman web interface; the description notes these endpoints can be executed...

9.8CVSS9.4AI score0.01656EPSS
cve
cve
added 2018/06/07 8:0 p.m.36 views

CVE-2018-12042

Roxy Fileman 1.4.5 and earlier is vulnerable to a directory traversal flaw in the php/download.php f parameter, allowing access to arbitrary files. The issue is due to improper handling of the f parameter in file download functionality, enabling potential exposure of sensitive server files. Impac...

7.5CVSS7.5AI score0.01794EPSS
Web