CVE-2022-40797
- EPSS 9.02%
- Veröffentlicht 09.11.2022 07:15:09
- Zuletzt bearbeitet 01.05.2025 16:15:23
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server c...
CVE-2019-19731
- EPSS 25.36%
- Veröffentlicht 16.12.2019 17:15:12
- Zuletzt bearbeitet 21.11.2024 04:35:16
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file ...
CVE-2019-7174
- EPSS 0.43%
- Veröffentlicht 09.04.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:43
Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations.
CVE-2018-20525
- EPSS 33.96%
- Veröffentlicht 21.03.2019 16:00:36
- Zuletzt bearbeitet 21.11.2024 04:01:39
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
CVE-2018-20526
- EPSS 87.67%
- Veröffentlicht 21.03.2019 16:00:36
- Zuletzt bearbeitet 21.11.2024 04:01:39
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
CVE-2018-12042
- EPSS 0.53%
- Veröffentlicht 07.06.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:44:28
Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter.