CVE-2025-46002

Опубликовано: 18 июл. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.

Ссылки

https://github.com/simogeo/Filemanager
Product
https://github.com/simogeo/Filemanager/releases/tag/v1.7.0
Release Notes
https://github.com/simogeo/Filemanager/releases/tag/v1.8.0
Release Notes
https://github.com/simogeo/Filemanager/releases/tag/v2.0.0
Release Notes
https://github.com/simogeo/Filemanager/releases/tag/v2.1.0
Release Notes
https://github.com/simogeo/Filemanager/releases/tag/v2.2.0
Release Notes
https://github.com/simogeo/Filemanager/releases/tag/v2.3.0
Release Notes
https://github.com/zakumini/CVE-List/blob/main/CVE-2025-46002/CVE-2025-46002.md
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/38945
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simogeo:filemanager:*:*:*:*:*:*:*:*

Версия до 2.0.0 (включая)

EPSS

Процентиль: 79%

0.0129

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-23

Связанные уязвимости

GHSA-r7q6-6fmq-mx4c