Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Afian Subscribe
Filtered by product Filerun
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30469 1 Afian 1 Filerun 2022-06-14 6.5 MEDIUM 8.8 HIGH
In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection.
CVE-2022-30470 1 Afian 1 Filerun 2022-06-10 7.5 HIGH 9.8 CRITICAL
In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.
CVE-2021-35504 1 Afian 1 Filerun 2021-10-12 6.5 MEDIUM 7.2 HIGH
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.
CVE-2021-35505 1 Afian 1 Filerun 2021-10-12 6.5 MEDIUM 7.2 HIGH
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
CVE-2021-35506 1 Afian 1 Filerun 2021-10-08 4.3 MEDIUM 6.1 MEDIUM
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action.
CVE-2021-35503 1 Afian 1 Filerun 2021-10-08 4.3 MEDIUM 6.1 MEDIUM
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.
CVE-2019-12458 1 Afian 1 Filerun 2021-03-22 5.0 MEDIUM 5.3 MEDIUM
FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01.
CVE-2019-12459 1 Afian 1 Filerun 2021-03-22 5.0 MEDIUM 5.3 MEDIUM
FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01.
CVE-2019-12457 1 Afian 1 Filerun 2021-03-22 5.0 MEDIUM 5.3 MEDIUM
FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01.
CVE-2019-12905 1 Afian 1 Filerun 2021-03-22 4.3 MEDIUM 6.1 MEDIUM
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01.
CVE-2018-7735 1 Afian 1 Filerun 2018-03-26 6.5 MEDIUM 7.2 HIGH
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes request.
CVE-2018-7734 1 Afian 1 Filerun 2018-03-26 6.5 MEDIUM 7.2 HIGH
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request.