PT-2026-28486 · Filerise · Filerise
Bg0D-Glitch · Published 2026-03-26 · Updated 2026-03-26 · CVE-2026-33477
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FileRise versions 2.3.7 through 3.10.0
Description
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. The file snippet endpoint /api/file/snippet.php allows an authenticated user with only "read own" access to a folder to retrieve snippet content from files uploaded by other users in the same folder. This is a server-side authorization flaw in the "read own" enforcement for hover previews: the "read own" access control is bypassed, allowing unauthorized access to file content.
Recommendations
FileRise versions 2.3.7 through 3.10.0 should be upgraded to version 3.11.0 or later.
Weakness Enumeration
Incorrect Authorization
Affected Products
Filerise