Vulnerabilities for 'Filerun'

2022-06-06
 
CVE-2022-30469

CWE-89
 

 
In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection.

 
2022-06-02
 
CVE-2022-30470

NVD-CWE-noinfo
 

 
In Afian Filerun 20220202, changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

 
2021-10-05
 
CVE-2021-35503

CWE-79
 

 
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.

 
 
CVE-2021-35504

CWE-74
 

 
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.

 
 
CVE-2021-35505

CWE-74
 

 
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.

 
 
CVE-2021-35506

CWE-79
 

 
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action.

 
2019-06-20
 
CVE-2019-12905

CWE-79
 

 
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01.

 
2019-05-30
 
CVE-2019-12459

CWE-22
 

 
FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01.

 
 
CVE-2019-12458

CWE-22
 

 
FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01.

 
 
CVE-2019-12457

CWE-22
 

 
FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01.

 


Copyright 2024, cxsecurity.com

 
