Vulnerabilities (CVE)

Filtered by vendor Afian
Filtered by product Filerun
Total 14 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28876 1 Afian 1 Filerun 2024-11-21 N/A 4.3 MEDIUM
A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users.
CVE-2023-28875 1 Afian 1 Filerun 2024-11-21 N/A 5.4 MEDIUM
A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link.
CVE-2022-30470 1 Afian 1 Filerun 2024-11-21 7.5 HIGH 9.8 CRITICAL
In Afian Filerun 20220202, changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.
CVE-2022-30469 1 Afian 1 Filerun 2024-11-21 6.5 MEDIUM 8.8 HIGH
In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection.
CVE-2021-35506 1 Afian 1 Filerun 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action.
CVE-2021-35505 1 Afian 1 Filerun 2024-11-21 6.5 MEDIUM 7.2 HIGH
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
CVE-2021-35504 1 Afian 1 Filerun 2024-11-21 6.5 MEDIUM 7.2 HIGH
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.
CVE-2021-35503 1 Afian 1 Filerun 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.
CVE-2019-12905 1 Afian 1 Filerun 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
FileRun 2019.05.21 allows XSS via the filename to the `?module=fileman&section=do&page=up` URI. This issue has been fixed in FileRun 2019.06.01.
CVE-2019-12459 1 Afian 1 Filerun 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01.
CVE-2019-12458 1 Afian 1 Filerun 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01.
CVE-2019-12457 1 Afian 1 Filerun 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01.
CVE-2018-7735 1 Afian 1 Filerun 2024-11-21 6.5 MEDIUM 7.2 HIGH
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a `/?module=metadata&section=cpanel&page=list_filetypes` request.
CVE-2018-7734 1 Afian 1 Filerun 2024-11-21 6.5 MEDIUM 7.2 HIGH
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a `/?module=users&section=cpanel&page=list` request.