PT-2025-30041 · Unknown · File Manager
Hahwul +1 · Published 2025-07-18 · Updated 2025-07-18 · CVE-2025-46001
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Filemanager version 2.3.0
Description
An arbitrary file upload vulnerability exists in the is_allowed_file_type() function. This allows attackers to execute arbitrary code by uploading a crafted PHP file.
Recommendations
Filemanager version 2.3.0: Address the issue by securing the file upload process and validating file types to prevent the execution of arbitrary code. As a temporary workaround, consider restricting file uploads to authorized users only.
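One way to implement the file-type validation recommended above, shown as an added example: this is not Filemanager's code and not the project's fix. The function name `validated_storage_name`, the allow-list and the sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list (an assumption, not Filemanager's): extension => accepted MIME types.
const ALLOWED_UPLOAD_TYPES = [
    'jpg' => ['image/jpeg'], 'jpeg' => ['image/jpeg'],
    'png' => ['image/png'],  'gif'  => ['image/gif'],
    'pdf' => ['application/pdf'],
];

/**
 * Returns a server-generated storage name for an accepted upload, or null to reject it.
 * $clientName is the untrusted filename from the request; $tmpPath is the uploaded temp file.
 */
function validated_storage_name(string $clientName, string $tmpPath): ?string
{
    // Reject empty names, control characters (including NUL) and path separators.
    if ($clientName === '' || preg_match('/[\x00-\x1f\/\\\\]/', $clientName) === 1) {
        return null;
    }
    // Some filesystems drop trailing dots and spaces, so "a.php." must be judged as "a.php".
    $name = rtrim($clientName, '. ');
    // Allow-list on the final extension, case-insensitively; dotfiles such as ".htaccess" fail here.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_UPLOAD_TYPES)) {
        return null;
    }
    // The content must match the claimed extension (requires the fileinfo extension).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !in_array($mime, ALLOWED_UPLOAD_TYPES[$ext], true)) {
        return null;
    }
    // Never reuse the client's name: a random name removes double extensions like "a.php.gif".
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed demo inputs: a GIF header and a harmless PHP snippet written to temp files.
$gif = tempnam(sys_get_temp_dir(), 'up');
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
file_put_contents($php, "<?php echo 'x';");
$cases = [['cat.gif', $gif], ['page.php', $php], ['page.php.gif', $php],
          ['cat.PHP.', $gif], ['.htaccess', $php], ['../cat.gif', $gif]];
foreach ($cases as [$n, $p]) {
    printf("%-13s => %s\n", $n, validated_storage_name($n, $p) ?? 'rejected');
}
unlink($gif);
unlink($php);
```

Store accepted files outside the web root, or in a directory where the web server does not execute scripts, so that a file which slips past these checks is still served as data.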
Exploit
Fix
RCE
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
File Manager