Vulmon
file_manager vulnerabilities and exploits
7.2
CVSSv3
CVE-2018-20775
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI.
Frog Cms Project Frog Cms 0.9.5
5.4
CVSSv3
CVE-2018-10806
An issue exists in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF.
Frogcms Project Frogcms 0.9.5
6.5
CVSSv3
CVE-2015-4462
Absolute path traversal vulnerability in the file_manager component of eFront CMS prior to 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php.
Efrontlearning Efront
8.8
CVSSv3
CVE-2015-6567
Wolf CMS prior to 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functio...
Wolfcms Wolf Cms
2 EDB exploits
8.8
CVSSv3
CVE-2015-6568
Wolf CMS prior to 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploadi...
Wolfcms Wolf Cms
2 EDB exploits
NA
CVE-2012-5169
Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent prior to 1.2-2 allow remote malicious users to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter.
Atutor Acontent 1.2
Atutor Acontent
9.8
CVSSv3
CVE-2023-1294
A vulnerability was found in SourceCodester File Tracker Manager System 1.0. It has been classified as critical. Affected is an unknown function of the file /file_manager/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql inj...
File Tracker Manager System Project File Tracker Management System 1.0
5.4
CVSSv3
CVE-2023-2678
A vulnerability has been found in SourceCodester File Tracker Manager System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /file_manager/admin/save_user.php of the component POST Parameter Handler. The manipulation of the argument firstnam...
File Tracker Manager System Project File Tracker Manager System 1.0
NA
CVE-2012-1897
Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) delete users via the user id number to admin/user/delete; (2) delete pages via the p...
Wolfcms Wolf Cms
Wolfcms Wolf Cms 0.7.3
Wolfcms Wolf Cms 0.7.2
Wolfcms Wolf Cms 0.7.0
Wolfcms Wolf Cms 0.6.0
Wolfcms Wolf Cms 0.5.0
Wolfcms Wolf Cms 0.5.5
1 EDB exploit