Vulnerabilities > Afian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-06 | CVE-2023-28875 | Cross-site Scripting vulnerability in Afian Filerun 2022.02.02 A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link. | 5.4 |
2023-12-06 | CVE-2023-28876 | Unspecified vulnerability in Afian Filerun A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. | 4.3 |
2022-06-06 | CVE-2022-30469 | SQL Injection vulnerability in Afian Filerun 2022.02.02 In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman§ion=get&page=grid` leads to SQL injection. | 8.8 |
2022-06-02 | CVE-2022-30470 | Unspecified vulnerability in Afian Filerun 2022.02.02 In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. | 9.8 |
2021-10-05 | CVE-2021-35506 | Cross-site Scripting vulnerability in Afian Filerun 2021.03.26 Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. | 6.1 |
2021-10-05 | CVE-2021-35503 | Cross-site Scripting vulnerability in Afian Filerun 2021.03.26 Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. | 6.1 |
2021-10-05 | CVE-2021-35504 | Injection vulnerability in Afian Filerun Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. | 7.2 |
2021-10-05 | CVE-2021-35505 | Injection vulnerability in Afian Filerun Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. | 7.2 |
2019-06-20 | CVE-2019-12905 | Cross-site Scripting vulnerability in Afian Filerun 2019.05.21 FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. | 6.1 |
2019-05-30 | CVE-2019-12459 | Path Traversal vulnerability in Afian Filerun 2019.05.21 FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. | 5.3 |