CVE-2019-12905 – FileRun 2019.05.21 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-12905
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01.
• https://www.exploit-db.com/exploits/48607
• http://packetstormsecurity.com/files/158173/FileRun-2019.05.21-Cross-Site-Scripting.html
• https://github.com/EmreOvunc/FileRun-Vulnerabilities
• https://github.com/EmreOvunc/FileRun-Vulnerabilities/issues/3
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-12459
https://notcve.org/view.php?id=CVE-2019-12459
FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01.
• https://emreovunc.com/blog/en/FileRun-DirectoryListing-3.png
• https://filerun.com/changelog
• https://github.com/EmreOvunc/FileRun-Vulnerabilities
• https://github.com/EmreOvunc/FileRun-Vulnerabilities/issues/3
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-12458
https://notcve.org/view.php?id=CVE-2019-12458
FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01.
• https://emreovunc.com/blog/en/FileRun-DirectoryListing-2.png
• https://filerun.com/changelog
• https://github.com/EmreOvunc/FileRun-Vulnerabilities
• https://github.com/EmreOvunc/FileRun-Vulnerabilities/issues/3
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-12457
https://notcve.org/view.php?id=CVE-2019-12457
FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01.
• https://emreovunc.com/blog/en/FileRun-DirectoryListing-1.png
• https://filerun.com/changelog
• https://github.com/EmreOvunc/FileRun-Vulnerabilities
• https://github.com/EmreOvunc/FileRun-Vulnerabilities/issues/3
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-7734
https://notcve.org/view.php?id=CVE-2018-7734
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request.
• http://www.filerun.com/changelog
• https://feedback.filerun.com/communities/1/topics/189-critical-security-update-available
• https://www.scanfsec.com/FileRun_2017_09_25_Blind_SQL.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')