leefish CVE 脆弱性と CVE 一覧（5）

製品（CPE）: — CVE 件数: 5

leefish 脆弱性概要

leefish 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

一般的な弱点パターンには vendor risk cross-site scripting and パス処理の欠陥があり、vendor surface production workloads and vendor surface software deployment の利用場面でファイル上書き and vendor impact session compromise などのリスクが生じる可能性があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移（直近24か月）

CVE	概要	ソース	CVSS 最大値	EPSS（%）	公開	更新
CVE-2026-30580	File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the application to read arbitrary files on the target system.	[email protected]	4.3	0.07%	2026-03-20	2026-04-01
CVE-2026-30579	File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a Javascript payload.	[email protected]	6.5	0.02%	2026-03-20	2026-04-01
CVE-2026-30578	File Thinghie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "dir" parameter of the GET request to invoke arbitrary javascript code.	[email protected]	6.5	0.02%	2026-03-20	2026-04-01
CVE-2019-25471	FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip functionality to extract them into accessible directories, and execute arbitrary commands through the extracted PHP files.	[email protected]	9.3	0.88%	2026-03-11	2026-04-13
CVE-2023-53942	File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with a command parameter.	[email protected]	9.4	0.10%	2025-12-18	2025-12-31

cvelogic Threat Intelligence