Total
12 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-30469 | 1 Afian | 1 Filerun | 2022-06-14 | 6.5 MEDIUM | 8.8 HIGH |
In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection. | |||||
CVE-2022-30470 | 1 Afian | 1 Filerun | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
In Afian Filerun 20220202, changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. | |||||
CVE-2021-35504 | 1 Afian | 1 Filerun | 2021-10-12 | 6.5 MEDIUM | 7.2 HIGH |
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. | |||||
CVE-2021-35505 | 1 Afian | 1 Filerun | 2021-10-12 | 6.5 MEDIUM | 7.2 HIGH |
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. | |||||
CVE-2021-35506 | 1 Afian | 1 Filerun | 2021-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. | |||||
CVE-2021-35503 | 1 Afian | 1 Filerun | 2021-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. | |||||
CVE-2019-12458 | 1 Afian | 1 Filerun | 2021-03-22 | 5.0 MEDIUM | 5.3 MEDIUM |
FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01. | |||||
CVE-2019-12459 | 1 Afian | 1 Filerun | 2021-03-22 | 5.0 MEDIUM | 5.3 MEDIUM |
FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01. | |||||
CVE-2019-12457 | 1 Afian | 1 Filerun | 2021-03-22 | 5.0 MEDIUM | 5.3 MEDIUM |
FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01. | |||||
CVE-2019-12905 | 1 Afian | 1 Filerun | 2021-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01. | |||||
CVE-2018-7735 | 1 Afian | 1 Filerun | 2018-03-26 | 6.5 MEDIUM | 7.2 HIGH |
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes request. | |||||
CVE-2018-7734 | 1 Afian | 1 Filerun | 2018-03-26 | 6.5 MEDIUM | 7.2 HIGH |
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request. |