CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52306 – FileManager Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2024-52306
13 Nov 2024 — FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9. • https://github.com/Laravel-Backpack/FileManager/commit/2830498b85e05fb3c92179053b4d7c4a0fdb880b • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1CVE-2008-0222 – Wp-FileManager <= 1.2 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2008-0222
06 Jan 2008 — Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. Vulnerabilidad de subida de ficheros no restringida en ajaxfilemanager.php de la extensión (plugin) Wp-FileManager 1.2 para WordPress permite a atacantes remotos subir y ejecutar ficheros PHP de su elección mediante vectores no especificados. • https://www.exploit-db.com/exploits/4844 • CWE-94: Improper Control of Generation of Code ('Code Injection') •