CVE-2019-25632
- EPSS 0.03%
- Veröffentlicht 24.03.2026 11:27:06
- Zuletzt bearbeitet 25.03.2026 21:45:13
phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fm_current_dir, and filename parameters. Attackers can send GET requests to index.php with cr...
CVE-2023-53894
- EPSS 0.43%
- Veröffentlicht 16.12.2025 17:03:44
- Zuletzt bearbeitet 21.01.2026 22:26:08
phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authenticatio...
CVE-2024-5673
- EPSS 0.24%
- Veröffentlicht 06.06.2024 11:15:49
- Zuletzt bearbeitet 21.11.2024 09:48:08
Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fm_current_dir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and ...