Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roxyfileman roxy fileman vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-40797
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.)
Roxyfileman Roxy Fileman 1.4.6
7.5
CVSSv3
CVE-2019-19731
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the St...
Roxyfileman Roxy Fileman 1.4.5
9.8
CVSSv3
CVE-2019-7174
Roxy Fileman 1.4.5 allows malicious users to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations.
Roxyfileman Roxy Fileman 1.4.5
1 Github repository
9.8
CVSSv3
CVE-2018-20526
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
Roxyfileman Roxy Fileman 1.4.5
1 EDB exploit
9.1
CVSSv3
CVE-2018-20525
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
Roxyfileman Roxy Fileman 1.4.5
1 EDB exploit
7.5
CVSSv3
CVE-2018-12042
Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter.
Roxyfileman Roxy Fileman
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started