Vulnerabilities > Afian > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-06 CVE-2022-30469 SQL Injection vulnerability in Afian Filerun 2022.02.02
In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection.
network
low complexity
afian CWE-89
8.8
8.8
2021-10-05 CVE-2021-35504 Injection vulnerability in Afian Filerun
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.
network
low complexity
afian CWE-74
7.2
7.2
2021-10-05 CVE-2021-35505 Injection vulnerability in Afian Filerun
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
network
low complexity
afian CWE-74
7.2
7.2
2018-03-06 CVE-2018-7735 SQL Injection vulnerability in Afian Filerun
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes request.
network
low complexity
afian CWE-89
7.2
7.2
2018-03-06 CVE-2018-7734 SQL Injection vulnerability in Afian Filerun
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request.
network
low complexity
afian CWE-89
7.2
7.2