Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roxy fileman vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-40797
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.)
Roxyfileman Roxy Fileman 1.4.6
445
VMScore
CVE-2019-19731
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the St...
Roxyfileman Roxy Fileman 1.4.5
668
VMScore
CVE-2019-7174
Roxy Fileman 1.4.5 allows malicious users to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations.
Roxyfileman Roxy Fileman 1.4.5
1 Github repository
645
VMScore
CVE-2018-20525
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
Roxyfileman Roxy Fileman 1.4.5
1 EDB exploit
755
VMScore
CVE-2018-20526
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
Roxyfileman Roxy Fileman 1.4.5
1 EDB exploit
445
VMScore
CVE-2018-12042
Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter.
Roxyfileman Roxy Fileman
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started