PT-2026-28486 · Filerise · Filerise
Bg0D-Glitch · Published 2026-03-26 · Updated 2026-03-26 · CVE-2026-33477
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FileRise versions 2.3.7 through 3.10.0
Description
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. The file snippet endpoint /api/file/snippet.php allows an authenticated user with only read own access to a folder to retrieve snippet content from files uploaded by other users in the same folder. This is a server-side authorization flaw in the read own enforcement for hover previews. The read own access control is bypassed, allowing unauthorized access to file content.
Recommendations
FileRise versions 2.3.7 through 3.10.0 should be upgraded to version 3.11.0 or later.
Exploit
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Filerise