CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2643 – SourceCodester File Tracker Manager System POST Parameter update_password.php sql injection
https://notcve.org/view.php?id=CVE-2023-2643
11 May 2023 — A vulnerability classified as critical was found in SourceCodester File Tracker Manager System 1.0. This vulnerability affects unknown code of the file register/update_password.php of the component POST Parameter Handler. The manipulation of the argument new_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/GZRsecurity/cve/blob/main/SQLi.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1302 – SourceCodester File Tracker Manager System borrow1.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-1302
09 Mar 2023 — A vulnerability, which was classified as problematic, was found in SourceCodester File Tracker Manager System 1.0. This affects an unknown part of the file normal/borrow1.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/godownio/bug_report/blob/main/vendors/hemedy99/File%20Tracker%20Manager%20System/XSS-1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1294 – SourceCodester File Tracker Manager System POST Parameter login.php sql injection
https://notcve.org/view.php?id=CVE-2023-1294
09 Mar 2023 — A vulnerability was found in SourceCodester File Tracker Manager System 1.0. It has been classified as critical. Affected is an unknown function of the file /file_manager/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. • https://github.com/godownio/bug_report/blob/main/vendors/hemedy99/File%20Tracker%20Manager%20System/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45475
https://notcve.org/view.php?id=CVE-2022-45475
25 Nov 2022 — Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control. La versión 2.4.8 de Tiny File Manager permite que un atacante remoto no autenticado acceda a los archivos internos de la aplicación. Esto es posible porque la aplicación es vulnerable a un control de acceso roto. • https://fluidattacks.com/advisories/mosey •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45476
https://notcve.org/view.php?id=CVE-2022-45476
25 Nov 2022 — Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload. La versión 2.4.8 de Tiny File Manager ejecuta el código de los archivos cargados por los usuarios de la aplicación, en lugar de simplemente devolverlos para su descarga. Esto es posible porque la aplicación es vulnerable a la carga de archivos no segura. • https://fluidattacks.com/advisories/mosey • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-23044
https://notcve.org/view.php?id=CVE-2022-23044
25 Nov 2022 — Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF. La versión 2.4.8 de Tiny File Manager permite a un atacante remoto no autenticado persuadir a los usuarios para que realicen acciones no deseadas dentro de la aplicación. Esto es posible porque la aplicación es vulnerable a CSRF. • https://fluidattacks.com/advisories/mosey • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1000 – Path Traversal in prasathmani/tinyfilemanager
https://notcve.org/view.php?id=CVE-2022-1000
17 Mar 2022 — Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7. Un Salto de Ruta en el repositorio de GitHub prasathmani/tinyfilemanager versiones anteriores a 2.4.7 • https://github.com/prasathmani/tinyfilemanager/commit/154947ef83efeb68fc2b921065392b6a7fc9c965 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 75%CPEs: 1EXPL: 9CVE-2021-45010 – Tiny File Manager 2.4.6 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2021-45010
15 Mar 2022 — A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution. Una vulnerabilidad de cruce de rutas en la funcionalidad de carga de archivos en tinyfilemanager.php en Tiny File Manager antes de la versión 2.4.7 permite a los atacantes remotos (con cuentas de usuario válidas) cargar archivos PHP maliciosos en la raíz web, lo que ... • https://packetstorm.news/files/id/166330 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36246
https://notcve.org/view.php?id=CVE-2020-36246
19 Feb 2021 — Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. Amaze File Manager versiones anteriores a 3.5.1, permite a atacantes alcanzar privilegios de root por medio de metacaracteres de shell en un enlace simbólico • https://compass-security.com/fileadmin/Research/Advisories/2020-18_CSNC-2020-030_Amaze_FileManager_Privilege_Escalation.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22550
https://notcve.org/view.php?id=CVE-2020-22550
04 Jan 2021 — Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. Using the traversal allows an attacker to download sensitive files from the server. Veno File Manager versiones 3.5.6, está afectado por una vulnerabilidad de salto de directorios. El uso del salto permite a un atacante descargar archivos confidenciales desde el servidor. • https://codecanyon.net/item/veno-file-manager-host-and-share-files/6114247 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •