Vulnerabilities (CVE)

Filtered by vendor Afian Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-30469	1 Afian	1 Filerun	2022-06-14	6.5 MEDIUM	8.8 HIGH
In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection.
CVE-2021-35504	1 Afian	1 Filerun	2021-10-12	6.5 MEDIUM	7.2 HIGH
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.
CVE-2021-35505	1 Afian	1 Filerun	2021-10-12	6.5 MEDIUM	7.2 HIGH
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
CVE-2018-7734	1 Afian	1 Filerun	2018-03-26	6.5 MEDIUM	7.2 HIGH
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request.
CVE-2018-7735	1 Afian	1 Filerun	2018-03-26	6.5 MEDIUM	7.2 HIGH
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes request.