Filedownload
by Modxcms
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11248 | Cri | 0.64 | 9.8 | 0.02 | May 18, 2018 | util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attacker places "../" in the file name, the file can be stored in an unintended directory because of Directory Traversal. | ||
| CVE-2015-1000003 | Cri | 0.64 | 9.8 | 0.03 | Oct 6, 2016 | Blind SQL Injection in filedownload v1.4 wordpress plugin | ||
| CVE-2015-1000002 | Hig | 0.53 | 8.2 | 0.02 | Oct 6, 2016 | Open Proxy in filedownload v1.4 wordpress plugin | ||
| CVE-2015-1000004 | Med | 0.40 | 6.1 | 0.01 | Oct 6, 2016 | XSS in filedownload v1.4 wordpress plugin | ||
| CVE-2007-0659 | 0.00 | — | 0.01 | Feb 1, 2007 | download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials. |
- risk 0.64cvss 9.8epss 0.02
util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attacker places "../" in the file name, the file can be stored in an unintended directory because of Directory Traversal.
- risk 0.64cvss 9.8epss 0.03
Blind SQL Injection in filedownload v1.4 wordpress plugin
- risk 0.53cvss 8.2epss 0.02
Open Proxy in filedownload v1.4 wordpress plugin
- risk 0.40cvss 6.1epss 0.01
XSS in filedownload v1.4 wordpress plugin
- CVE-2007-0659Feb 1, 2007risk 0.00cvss —epss 0.01
download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.