Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file_manager vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-1053
Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo prior to 2.2.1 allows remote malicious users to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile.
Croogo Croogo
5.4
CVSSv3
CVE-2017-11611
Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the ...
Wolfcms Wolf Cms 0.8.3.1
1 Github repository
4.8
CVSSv3
CVE-2018-18823
WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/.
Wolfcms Wolf Cms 0.8.3.1
4.8
CVSSv3
CVE-2018-18824
WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/.
Wolfcms Wolf Cms 0.8.3.1
4.9
CVSSv3
CVE-2018-16373
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.
Frog Cms Project Frog Cms 0.9.5
1 Github repository
4.8
CVSSv3
CVE-2018-9992
Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen.
Frog Cms Project Frog Cms 0.9.5
6.1
CVSSv3
CVE-2018-20778
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.
Frog Cms Project Frog Cms 0.9.5
6.5
CVSSv3
CVE-2015-4463
The file_manager component in eFront CMS prior to 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.
Efrontlearning Efront
NA
CVE-2009-3426
PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allows remote malicious users to execute arbitrary PHP code via a URL in the fm_includes_special parameter.
Databay Maxcms 3.11.20b
1 EDB exploit
7.2
CVSSv3
CVE-2018-11098
An issue exists in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912.
Frog Cms Project Frog Cms 0.9.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744
privilege escalation
CVE-2024-30253
CVE-2024-3914
cross-site scripting
CVE-2024-31497
CVE-2024-3400
CVE-2024-32341
hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »