Shamalli Web Directory Free vulnerabilities
5 known vulnerabilities affecting shamalli/web_directory_free.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-28904P2CRITICALCVSS 9.3≤ 1.7.62025-03-25
CVE-2025-28904 [CRITICAL] CWE-89 CVE-2025-28904: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shamalli Web Directory Free web-directory-free allows Blind SQL Injection.This issue affects Web Directory Free: from n/a through <= 1.7.6.
nvd
CVE-2025-30908P4HIGHCVSS 7.1≤ 1.7.62025-04-03
CVE-2025-30908 [HIGH] CWE-352 CVE-2025-30908: Cross-Site Request Forgery (CSRF) vulnerability in Shamalli Web Directory Free web-directory-free al
Cross-Site Request Forgery (CSRF) vulnerability in Shamalli Web Directory Free web-directory-free allows Stored XSS.This issue affects Web Directory Free: from n/a through <= 1.7.6.
nvd
CVE-2025-69018P4MEDIUMCVSS 6.5≤ 1.7.122025-12-30
CVE-2025-69018 [MEDIUM] CWE-79 CVE-2025-69018: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows DOM-Based XSS.This issue affects Web Directory Free: from n/a through <= 1.7.12.
nvd
CVE-2024-47379P4HIGHCVSS 7.1≤ 1.7.32024-10-05
CVE-2024-47379 [HIGH] CWE-79 CVE-2024-47379: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows Reflected XSS.This issue affects Web Directory Free: from n/a through <= 1.7.3.
nvd
CVE-2025-39567P4HIGHCVSS 7.1≤ 1.7.82025-04-17
CVE-2025-39567 [HIGH] CWE-79 CVE-2025-39567: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows Reflected XSS.This issue affects Web Directory Free: from n/a through <= 1.7.8.
nvd