Showing 1 - 1 of 1

CVE-2022-40797

Status Candidate

Overview

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.)

Related Files

Roxy Fileman 1.4.6 Remote Shell Upload: Posted Nov 21, 2022; Authored by Hadi Mene; Roxy Fileman versions 1.4.6 and below remote shell upload proof of concept exploit.; tags | exploit, remote, shell, proof of concept, file upload; advisories | CVE-2022-40797; SHA-256 | 16a9c59173c82b869a340397a5e68377531e0e0f9be9781793142e4f47786e1b; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 240 files
Ubuntu 63 files
Debian 21 files
LiquidWorm 14 files
Apple 9 files
Gentoo 8 files
Alter Prime 3 files
EQSTLab 2 files
Yehia Elghaly 2 files
Pierre Kim 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,168)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,979)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,344)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,006)
UNIX (9,479)
UnixWare (188)
Windows (6,785)
Other

CVE-2022-40797

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems