RSS   Vulnerabilities for 'Filecloud'   RSS

2022-06-15
 
CVE-2022-1958

NVD-CWE-noinfo
 

 
A vulnerability classified as critical has been found in FileCloud. Affected is the NTFS handler which leads to improper access controls. It is possible to launch the attack remotely but it demands some form of authentication. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component.

 
2022-02-24
 
CVE-2022-24633

CWE-200
 

 
All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter "path" passing "/SHARED/<username>". A malicious actor could identify the existence of users by requesting share information on specified share paths.

 
2022-02-16
 
CVE-2022-25241

CWE-352
 

 
In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF).

 
 
CVE-2022-25242

CWE-352
 

 
In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF).

 


Copyright 2024, cxsecurity.com

 

Back to Top