Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file_manager vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-1053
Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo prior to 2.2.1 allows remote malicious users to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile.
Croogo Croogo
3.5
CVSSv2
CVE-2017-11611
Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the ...
Wolfcms Wolf Cms 0.8.3.1
1 Github repository
3.5
CVSSv2
CVE-2018-18823
WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/.
Wolfcms Wolf Cms 0.8.3.1
3.5
CVSSv2
CVE-2018-18824
WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/.
Wolfcms Wolf Cms 0.8.3.1
4
CVSSv2
CVE-2018-16373
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.
Frog Cms Project Frog Cms 0.9.5
1 Github repository
4.3
CVSSv2
CVE-2018-20778
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.
Frog Cms Project Frog Cms 0.9.5
3.5
CVSSv2
CVE-2018-9992
Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen.
Frog Cms Project Frog Cms 0.9.5
4
CVSSv2
CVE-2015-4463
The file_manager component in eFront CMS prior to 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.
Efrontlearning Efront
6.8
CVSSv2
CVE-2009-3426
PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allows remote malicious users to execute arbitrary PHP code via a URL in the fm_includes_special parameter.
Databay Maxcms 3.11.20b
1 EDB exploit
6.5
CVSSv2
CVE-2018-11098
An issue exists in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912.
Frog Cms Project Frog Cms 0.9.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »