CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52306 – FileManager Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2024-52306
FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9. • https://github.com/Laravel-Backpack/FileManager/commit/2830498b85e05fb3c92179053b4d7c4a0fdb880b https://github.com/Laravel-Backpack/FileManager/security/advisories/GHSA-8237-957h-h2c2 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2008-0222 – Wp-FileManager <= 1.2 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2008-0222
Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. Vulnerabilidad de subida de ficheros no restringida en ajaxfilemanager.php de la extensión (plugin) Wp-FileManager 1.2 para WordPress permite a atacantes remotos subir y ejecutar ficheros PHP de su elección mediante vectores no especificados. • https://www.exploit-db.com/exploits/4844 http://www.securityfocus.com/bid/27151 https://exchange.xforce.ibmcloud.com/vulnerabilities/39462 • CWE-94: Improper Control of Generation of Code ('Code Injection') •