Sunhater Kcfinder — known CVE vulnerabilities
Every CVE whose affected-product data names Sunhater Kcfinder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
- CVE-2018-25002 — CVSS 8.8 (high): uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This…
- CVE-2019-14315 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote…
- CVE-2014-3988 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web…