Leefish: >> File Thingie Security Vulnerabilities
File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with a command parameter.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-12-18