PT-2026-55874 · Unknown+1 · File Manager+4
Mcdruid
·
Published
2026-07-06
·
Updated
2026-07-06
·
CVE-2026-6382
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
FileOrganizer versions prior to 1.1.9
Advanced File Manager versions prior to 5.4.12
File Manager Pro versions prior to 2.1.1
File Manager versions prior to 8.0.4
Description
Authenticated users can perform OS Command Injection when the software processes image operations. This occurs because a parameter is not properly escaped before being passed to a shell command. This issue is exploitable if the server has the ImageMagick convert CLI available and lacks both the PHP imagick and GD extensions.
Recommendations
Update FileOrganizer to version 1.1.9 or later.
Update Advanced File Manager to version 5.4.12 or later.
Update File Manager Pro to version 2.1.1 or later.
Update File Manager to version 8.0.4 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Advanced File Manager
File Manager
File Manager Pro
Fileorganizer
Imagemagick