This page lists publicly disclosed CVE vulnerabilities affecting afian filerun (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-28876 | A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. | [email protected] | 4.3 | 0.48% | 2023-12-05 | 2026-06-17 |
| CVE-2023-28875 | A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link. | [email protected] | 5.4 | 0.43% | 2023-12-05 | 2026-06-17 |
| CVE-2022-30469 | In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman§ion=get&page=grid` leads to SQL injection. | [email protected] | 8.8 | 1.44% | 2022-06-06 | 2026-06-17 |
| CVE-2022-30470 | In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. | [email protected] | 9.8 | 2.47% | 2022-06-02 | 2026-06-17 |
| CVE-2021-35506 | Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. | [email protected] | 6.1 | 0.71% | 2021-10-05 | 2026-06-16 |
| CVE-2021-35505 | Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. | [email protected] | 7.2 | 2.73% | 2021-10-05 | 2026-06-16 |
| CVE-2021-35504 | Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. | [email protected] | 7.2 | 3.06% | 2021-10-05 | 2026-06-16 |
| CVE-2021-35503 | Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. | [email protected] | 6.1 | 0.71% | 2021-10-05 | 2026-06-16 |
| CVE-2019-12905 | FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. This issue has been fixed in FileRun 2019.06.01. | [email protected] | 6.1 | 3.60% | 2019-06-20 | 2026-06-16 |
| CVE-2019-12459 | FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01. | [email protected] | 5.3 | 1.84% | 2019-05-30 | 2026-06-16 |
| CVE-2019-12458 | FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01. | [email protected] | 5.3 | 1.84% | 2019-05-30 | 2026-06-16 |
| CVE-2019-12457 | FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01. | [email protected] | 5.3 | 1.84% | 2019-05-30 | 2026-06-16 |
| CVE-2018-7735 | Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata§ion=cpanel&page=list_filetypes request. | [email protected] | 7.2 | 1.34% | 2018-03-06 | 2026-06-16 |
| CVE-2018-7734 | Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users§ion=cpanel&page=list request. | [email protected] | 7.2 | 1.34% | 2018-03-06 | 2026-06-16 |