Skip to main content

Filerun

15 CVEs product

Monthly

CVE-2023-28876 MEDIUM POC This Month

A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Filerun
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-28875 MEDIUM POC This Month

A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filerun
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-30469 HIGH POC This Week

In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filerun
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-30470 CRITICAL Act Now

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Filerun
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-35506 MEDIUM POC This Month

Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filerun
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-35505 HIGH POC This Week

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Filerun
NVD VulDB
CVSS 3.1
7.2
EPSS
2.7%
CVE-2021-35504 HIGH POC This Week

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Filerun
NVD VulDB
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-35503 MEDIUM POC This Month

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filerun
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-12905 MEDIUM POC This Month

FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filerun
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
3.6%
CVE-2019-12459 MEDIUM POC This Month

FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Filerun
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2019-12458 MEDIUM POC This Month

FileRun 2019.05.21 allows css/ext-ux Directory Listing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Filerun
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2019-12457 MEDIUM POC This Month

FileRun 2019.05.21 allows images/extjs Directory Listing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Filerun
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2018-7735 HIGH POC This Week

Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filerun
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2018-7734 HIGH POC This Week

Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filerun
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2017-14738 CRITICAL POC PATCH Act Now

FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Filerun
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.3%
EPSS 0% CVSS 4.3
MEDIUM POC This Month

A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Filerun
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filerun
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filerun
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Filerun
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filerun
NVD VulDB
EPSS 3% CVSS 7.2
HIGH POC This Week

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Filerun
NVD VulDB
EPSS 3% CVSS 7.2
HIGH POC This Week

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Filerun
NVD VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filerun
NVD VulDB
EPSS 4% CVSS 6.1
MEDIUM POC This Month

FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filerun
NVD GitHub Exploit-DB
EPSS 2% CVSS 5.3
MEDIUM POC This Month

FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Filerun
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC This Month

FileRun 2019.05.21 allows css/ext-ux Directory Listing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Filerun
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC This Month

FileRun 2019.05.21 allows images/extjs Directory Listing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Filerun
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filerun
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filerun
NVD
EPSS 6% CVSS 9.8
CRITICAL POC PATCH Act Now

FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Filerun
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy