Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hadi mene vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-40797
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.)
Roxyfileman Roxy Fileman 1.4.6
7.5
CVSSv2
CVE-2020-10567
An issue exists in Responsive Filemanager up to and including 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains ...
Tecrail Responsive Filemanager
NA
CVE-2023-27179
GDidees CMS v3.9.1 and lower exists to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.
Gdidees Gdidees Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started