Afian Filerun vulnerabilities
14 known vulnerabilities affecting afian/filerun.
Total CVEs: 14
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 5, MEDIUM 8
Vulnerabilities
CVE-2019-12905 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | ≥ 2019.05.21, < 2019.06.01 | 2019-06-20
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01.
nvd
CVE-2022-30470 | P2 | CRITICAL | CVSS 9.8 | v2022.02.02 | 2022-06-02
In Afian Filerun 20220202, changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.
nvd
CVE-2022-30469 | P3 | HIGH | CVSS 8.8 | CWE-89 | v2022.02.02 | 2022-06-06
In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection.
nvd
CVE-2021-35504 | P3 | HIGH | CVSS 7.2 | CWE-74 | ≤ 2021.03.26 | 2021-10-05
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.
nvd
CVE-2021-35505 | P3 | HIGH | CVSS 7.2 | CWE-74 | ≤ 2021.03.26 | 2021-10-05
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
nvd
CVE-2018-7735 | P3 | HIGH | CVSS 7.2 | CWE-89 | ≤ 2017.09.25 | 2018-03-06
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes request.
nvd
CVE-2018-7734 | P3 | HIGH | CVSS 7.2 | CWE-89 | ≤ 2017.09.25 | 2018-03-06
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request.
nvd
CVE-2019-12458 | P4 | MEDIUM | CVSS 5.3 | CWE-22 | ≥ 2019.05.21, < 2019.06.01 | 2019-05-30
FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01.
nvd
CVE-2019-12459 | P4 | MEDIUM | CVSS 5.3 | CWE-22 | ≥ 2019.05.21, < 2019.06.01 | 2019-05-30
FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01.
nvd
CVE-2019-12457 | P4 | MEDIUM | CVSS 5.3 | CWE-22 | ≥ 2019.05.21, < 2019.06.01 | 2019-05-30
FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01.
nvd
CVE-2021-35503 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v2021.03.26 | 2021-10-05
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.
nvd
CVE-2023-28875 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v2022.02.02 | 2023-12-06
A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link.
nvd
CVE-2021-35506 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v2021.03.26 | 2021-10-05
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action.
nvd
CVE-2023-28876 | P4 | MEDIUM | CVSS 4.3 | ≤ 2022.02.02 | 2023-12-06
A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users.
nvd