Vulnerability Details CVE-2025-46001
An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.7%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2025-46001
-
cpe:2.3:a:simogeo:filemanager:0.8
-
cpe:2.3:a:simogeo:filemanager:0.9
-
cpe:2.3:a:simogeo:filemanager:1.0
-
cpe:2.3:a:simogeo:filemanager:1.1
-
cpe:2.3:a:simogeo:filemanager:1.5.0
-
cpe:2.3:a:simogeo:filemanager:1.6.0
-
cpe:2.3:a:simogeo:filemanager:1.7.0
-
cpe:2.3:a:simogeo:filemanager:1.8.0
-
cpe:2.3:a:simogeo:filemanager:2.0.0