afian filerun

18 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2022-47532
all versions
FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request.
9.8 CRITICAL
CVE-2023-28876
<= 2022.02.02
A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments
4.3 MEDIUM
CVE-2023-28875
all versions
A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is ex
5.4 MEDIUM
CVE-2022-30469
all versions
In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in /?module=fileman&section=get&page=grid lea
8.8 HIGH
CVE-2022-30470
all versions
In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remot
9.8 CRITICAL
CVE-2021-35506
all versions
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a previe
6.1 MEDIUM
CVE-2021-35505
<= 2021.03.26
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
7.2 HIGH
CVE-2021-35504
<= 2021.03.26
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.
7.2 HIGH
CVE-2021-35503
all versions
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.
6.1 MEDIUM
CVE-2019-12905
>= 2019.05.21 and < 2019.06.01
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun
6.1 MEDIUM
CVE-2019-12459
>= 2019.05.21 and < 2019.06.01
FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01.
5.3 MEDIUM
CVE-2019-12458
>= 2019.05.21 and < 2019.06.01
FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01.
5.3 MEDIUM
CVE-2019-12457
>= 2019.05.21 and < 2019.06.01
FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01.
5.3 MEDIUM
CVE-2018-7735
<= 2017.09.25
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search p
7.2 HIGH
CVE-2018-7734
<= 2017.09.25
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search p
7.2 HIGH
CVE-2017-14738
<= 2017.09.18
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the
9.8 CRITICAL
CVE-2007-2470
<= 1.0
Multiple cross-site scripting (XSS) vulnerabilities in index.php in FileRun 1.0 and earlier allow remote attackers to inject arbit
CVE-2007-2469
<= 1.0
SQL injection vulnerability in index.php in FileRun 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via
threatengine.sh