Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roxyfileman roxy fileman vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-40797
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.)
Roxyfileman Roxy Fileman 1.4.6
5
CVSSv2
CVE-2019-19731
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the St...
Roxyfileman Roxy Fileman 1.4.5
7.5
CVSSv2
CVE-2019-7174
Roxy Fileman 1.4.5 allows malicious users to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations.
Roxyfileman Roxy Fileman 1.4.5
1 Github repository
6.4
CVSSv2
CVE-2018-20525
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
Roxyfileman Roxy Fileman 1.4.5
1 EDB exploit
7.5
CVSSv2
CVE-2018-20526
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
Roxyfileman Roxy Fileman 1.4.5
1 EDB exploit
5
CVSSv2
CVE-2018-12042
Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter.
Roxyfileman Roxy Fileman
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
CVE-2024-20360
CVE-2021-47559
XXE
CVE-2024-5229
CVE-2021-47543
CVE-2021-47571
SSTI
CVE-2024-4978
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started