Every CVE whose affected-product data names Afian Filerun, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2022-30470 — CVSS 9.8 (critical): In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code…
CVE-2022-30469 — CVSS 8.8 (high): In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman§ion=get&page=grid` leads to SQL…
CVE-2018-7734 — CVSS 7.2 (high): Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter…
CVE-2018-7735 — CVSS 7.2 (high): Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter…
CVE-2021-35504 — CVSS 7.2 (high): Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.
CVE-2021-35505 — CVSS 7.2 (high): Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
CVE-2021-35503 — CVSS 6.1 (medium): Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.
CVE-2021-35506 — CVSS 6.1 (medium): Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit…
CVE-2019-12905 — CVSS 6.1 (medium): FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. This issue has been fixed in FileRun…
CVE-2023-28875 — CVSS 5.4 (medium): A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed…
CVE-2019-12459 — CVSS 5.3 (medium): FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01.
CVE-2019-12458 — CVSS 5.3 (medium): FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01.
CVE-2019-12457 — CVSS 5.3 (medium): FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01.
CVE-2023-28876 — CVSS 4.3 (medium): A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files…