Описание
Filemanager is vulnerable to Relative Path Traversal through filemanager.php
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-46002
- https://github.com/simogeo/Filemanager/releases/tag/v1.7.0
- https://github.com/simogeo/Filemanager/releases/tag/v1.8.0
- https://github.com/simogeo/Filemanager/releases/tag/v2.0.0
- https://github.com/simogeo/Filemanager/releases/tag/v2.1.0
- https://github.com/simogeo/Filemanager/releases/tag/v2.2.0
- https://github.com/simogeo/Filemanager/releases/tag/v2.3.0
- https://github.com/zakumini/CVE-List/blob/main/CVE-2025-46002/CVE-2025-46002.md
- https://www.exploit-db.com/exploits/38945
Пакеты
Наименование
simogeo/filemanager
composer
Затронутые версииВерсия исправления
<= 2.5.0
Отсутствует
Связанные уязвимости
CVSS3: 6.5
nvd
7 месяцев назад
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.