Liquidfiles: >> Liquidfiles >> 3.5.3 Security Vulnerabilities
LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.
CVSS Score
9.9
EPSS Score
0.001
Published
2025-08-04
LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript.
CVSS Score
3.8
EPSS Score
0.001
Published
2025-08-04
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-10-30
LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin.
CVSS Score
8.8
EPSS Score
0.183
Published
2021-11-11