File Manager
1 CVEs
product
Monthly
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
File Upload
PHP
RCE
File Manager
NVD
GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-63678
EPSS 0%
CVSS 7.2
HIGH
POC
This Month
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
File Upload
PHP
RCE
+1
NVD
GitHub