VYPR

Filedownload

by Modxcms

CVEs (5)

  • CVE-2018-11248CriMay 18, 2018
    risk 0.64cvss 9.8epss 0.02

    util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attacker places "../" in the file name, the file can be stored in an unintended directory because of Directory Traversal.

  • CVE-2015-1000003CriOct 6, 2016
    risk 0.64cvss 9.8epss 0.03

    Blind SQL Injection in filedownload v1.4 wordpress plugin

  • CVE-2015-1000002HigOct 6, 2016
    risk 0.53cvss 8.2epss 0.02

    Open Proxy in filedownload v1.4 wordpress plugin

  • CVE-2015-1000004MedOct 6, 2016
    risk 0.40cvss 6.1epss 0.01

    XSS in filedownload v1.4 wordpress plugin

  • CVE-2007-0659Feb 1, 2007
    risk 0.00cvss epss 0.01

    download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.