3 matches found
CVE-2025-46001
CVE-2025-46001 affects simogeo/filemanager (Filemanager) version 2.3.0. The flaw is in is_allowed_file_type() and allows uploading a crafted PHP file, enabling remote code execution. CVSS v3.1 score is 9.8 (critical) with network attack vector, no user interaction, and no privileges required. Mul...
CVE-2025-46002
CVE-2025-46002 affects Filemanager before v2.5.0 and below, where a directory traversal can be triggered by crafting requests to the filemanager.php endpoint. The vulnerability is confirmed across multiple sources (Red Hat, GitHub advisories, Snyk) and centers on improper path handling in fileman...
CVE-2025-46000
CVE-2025-46000 affects Filemanager v2.5.0: the component /rsc/filemanager.rsc.class.php contains an arbitrary file upload vulnerability that allows arbitrary code execution when a crafted SVG is uploaded. Root cause is insecure file upload handling in that module. Affected software is Filemanager...