Количество 3
Количество 3
CVE-2025-52901
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as a session identifier will get leaked to anyone having access to the URLs accessed by the user. This will give an attacker full access to a user's account and, in consequence, to all sensitive files the user has access to. This issue has been patched in version 2.33.9.
GHSA-rmwh-g367-mj4x
File Browser allows sensitive data to be transferred in URL
BDU:2025-10678
Уязвимость веб-менеджера для управления файлами и каталогами File Browser, связанная с раскрытием информации посредством строки запросов, позволяющая нарушителю получить несанкционированный доступ к учетной записи пользователя
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-52901 File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as a session identifier will get leaked to anyone having access to the URLs accessed by the user. This will give an attacker full access to a user's account and, in consequence, to all sensitive files the user has access to. This issue has been patched in version 2.33.9. | CVSS3: 4.5 | 0% Низкий | 7 месяцев назад |
| GHSA-rmwh-g367-mj4x File Browser allows sensitive data to be transferred in URL | CVSS3: 4.5 | 0% Низкий | 7 месяцев назад |
 | BDU:2025-10678 Уязвимость веб-менеджера для управления файлами и каталогами File Browser, связанная с раскрытием информации посредством строки запросов, позволяющая нарушителю получить несанкционированный доступ к учетной записи пользователя | CVSS3: 4.5 | 0% Низкий | 11 месяцев назад |
Уязвимостей на страницу