
CVE-2018-16966 – File Manager <= 3.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-16966
17 Sep 2018 — There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. • https://ansawaf.blogspot.com/2019/04/file-manager-plugin-wordpress-plugin.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-16967 – File Manager <= 3.0 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-16967
17 Sep 2018 — There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. • https://ansawaf.blogspot.com/2019/04/file-manager-plugin-wordpress-plugin.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-25105 – File Manager <= 3.0 - Unauthenticated Arbitrary File Upload/Download
https://notcve.org/view.php?id=CVE-2018-25105
17 Sep 2018 — The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution. • https://www.wordfence.com/threat-intel/vulnerabilities/id/a56d5a2f-ae13-4523-bc4a-17bb2fb4c6f0?source=cve • CWE-862: Missing Authorization

CVE-2018-16363 – File Manager <= 2.9 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-16363
06 Sep 2018 — The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php. • http://blog.51cto.com/010bjsoft/2171087 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-7204 – Bit File Manager <= 5.0.0 - Information Disclosure
https://notcve.org/view.php?id=CVE-2018-7204
02 Mar 2018 — inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and a simple dork will find affected sites. • https://plugins.trac.wordpress.org/changeset/1823035/file-manager • CWE-532: Insertion of Sensitive Information into Log File

CVE-2005-1602
https://notcve.org/view.php?id=CVE-2005-1602
16 May 2005 — SQL injection vulnerability in login.asp for Net56 Browser Based File Manager 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field. • http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0134.html