Vulnerabilities > Roxyfileman > Roxy Fileman
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-09 | CVE-2022-40797 | Unrestricted Upload of File with Dangerous Type vulnerability in Roxyfileman Roxy Fileman 1.4.6 Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. | 9.8 |
| 2019-12-16 | CVE-2019-19731 | Path Traversal vulnerability in Roxyfileman Roxy Fileman 1.4.5 Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. | 5.0 |
| 2019-04-09 | CVE-2019-7174 | Unspecified vulnerability in Roxyfileman Roxy Fileman 1.4.5 Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations. | 7.5 |
| 2019-03-21 | CVE-2018-20526 | Unrestricted Upload of File with Dangerous Type vulnerability in Roxyfileman Roxy Fileman 1.4.5 Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php. | 7.5 |
| 2019-03-21 | CVE-2018-20525 | Path Traversal vulnerability in Roxyfileman Roxy Fileman 1.4.5 Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php. | 6.4 |
| 2018-06-07 | CVE-2018-12042 | Path Traversal vulnerability in Roxyfileman Roxy Fileman Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter. | 5.0 |