Primary

Context

Filemanager Arbitrary File Upload Vulnerability Allowing Code Execution

Vulnerability

An arbitrary file upload vulnerability has been identified in Filemanager version 2.5.0, specifically within the component '/rsc/filemanager.rsc.class.php'. This vulnerability allows attackers to execute arbitrary code by uploading a specially crafted SVG file.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where Filemanager is hosted.

Reproduction

To reproduce this vulnerability, upload a crafted SVG file through the Filemanager interface. The file will be accepted due to inadequate validation, leading to the execution of arbitrary code on the server.

Added: Jul 18, 2025, 3:25 PM

Updated: Jul 18, 2025, 3:25 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

0.3

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

0.3

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Filemanager Arbitrary File Upload Vulnerability Allowing Code Execution

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating