Vulnerabilities > Roxyfileman > Roxy Fileman > 1.4.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-09 | CVE-2022-40797 | Unrestricted Upload of File with Dangerous Type vulnerability in Roxyfileman Roxy Fileman 1.4.6 Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. | 9.8 |