CVE-2022-40797 — CVSS 9.8 (critical): Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks…
CVE-2019-19731 — CVSS 7.5 (high): Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the…