Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file manager project vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2017-8297
A path traversal vulnerability exists in simple-file-manager prior to 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component).
Simple-file-manager Project Simple-file-manager
578
VMScore
CVE-2019-16790
In Tiny File Manager prior to 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted.
Tiny File Manager Project Tiny File Manager
580
VMScore
CVE-2021-45010
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager prior to 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
Tiny File Manager Project Tiny File Manager
6 Github repositories
668
VMScore
CVE-2022-1000
Path Traversal in GitHub repository prasathmani/tinyfilemanager before 2.4.7.
Tiny File Manager Project Tiny File Manager
668
VMScore
CVE-2020-35173
The Amaze File Manager application prior to 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER).
Amaze File Manager Project Amaze File Manager
641
VMScore
CVE-2020-36246
Amaze File Manager prior to 3.5.1 allows malicious users to obtain root privileges via shell metacharacters in a symbolic link.
Amaze File Manager Project Amaze File Manager
505
VMScore
CVE-2018-19042
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI.
Media File Manager Project Media File Manager 1.4.2
1 EDB exploit
505
VMScore
CVE-2018-19043
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI.
Media File Manager Project Media File Manager 1.4.2
1 EDB exploit
NA
CVE-2022-23044
Tiny File Manager version 2.4.8 allows an unauthenticated remote malicious user to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF.
Tiny File Manager Project Tiny File Manager 2.4.8
NA
CVE-2022-45476
Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload.
Tiny File Manager Project Tiny File Manager 2.4.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »