Hahwul

#16505 of 53,632
16.3 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2025-30041
9.8
2025-07-18
Unknown · File Manager · CVE-2025-46001
**Name of the Vulnerable Software and Affected Versions**
Filemanager version 2.3.0

**Description**
An arbitrary file upload vulnerability exists in the `is_allowed_file_type()` function. This allows attackers to execute arbitrary code by uploading a crafted PHP file.

**Recommendations**
Filemanager version 2.3.0: Address the issue by securing the file upload process and validating file types to prevent the execution of arbitrary code. As a temporary workaround, consider restricting file uploads to authorized users only.
PT-2025-30042
6.5
2025-07-18
Unknown · File Manager · CVE-2025-46002
**Name of the Vulnerable Software and Affected Versions**
Filemanager versions 2.5.0 and below

**Description**
An issue allows attackers to perform a directory traversal by sending a crafted HTTP request to the `filemanager.php` endpoint.

**Recommendations**
Filemanager versions prior to 2.5.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.