PT-2026-55874 · Unknown+1 · File Manager+4

Mcdruid

·

Published

2026-07-06

·

Updated

2026-07-06

·

CVE-2026-6382

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions FileOrganizer versions prior to 1.1.9 Advanced File Manager versions prior to 5.4.12 File Manager Pro versions prior to 2.1.1 File Manager versions prior to 8.0.4
Description Authenticated users can perform OS Command Injection when the software processes image operations. This occurs because a parameter is not properly escaped before being passed to a shell command. This issue is exploitable if the server has the ImageMagick convert CLI available and lacks both the PHP imagick and GD extensions.
Recommendations Update FileOrganizer to version 1.1.9 or later. Update Advanced File Manager to version 5.4.12 or later. Update File Manager Pro to version 2.1.1 or later. Update File Manager to version 8.0.4 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-6382

Affected Products

Advanced File Manager
File Manager
File Manager Pro
Fileorganizer
Imagemagick