Unknown · Richfilemanager · CVE-2025-63994
**Name of the Vulnerable Software and Affected Versions**
RichFilemanager version 2.7.6
**Description**
A flaw exists in the /php/UploadHandler.php component that permits unauthorized file uploads. Successful exploitation allows attackers to execute arbitrary code by uploading a specially crafted file.
**Recommendations**
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict file upload permissions to trusted users only.