Kcfinder Security Vulnerabilities and Issues — Kcfinder CVE List

Lucene search

SunhaterKcfinder

3 matches found

CVE•added 2021/01/01 1:15 a.m.•79 views

CVE-2018-25002

uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy.

8.8CVSS8.6AI score0.00516EPSS

CVE•added 2019/07/28 1:15 a.m.•66 views

CVE-2019-14315

A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter.

6.1CVSS5.9AI score0.00189EPSS

CVE•added 2014/12/03 1:59 a.m.•29 views

CVE-2014-3988

Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name of an uploaded file.

4.3CVSS5.8AI score0.00225EPSS