Skip to main content

Roxy Fileman

4 CVEs product

Monthly

CVE-2022-40797 CRITICAL POC Act Now

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Roxy Fileman
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-19731 HIGH POC THREAT This Week

Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft RCE Roxy Fileman
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
11.6%
CVE-2019-7174 CRITICAL POC Act Now

Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Roxy Fileman
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-12042 HIGH POC This Week

Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Roxy Fileman
NVD
CVSS 3.0
7.5
EPSS
1.8%
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 12% CVSS 7.5
HIGH POC THREAT This Week

Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft RCE +1
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Roxy Fileman
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Roxy Fileman
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy