Simogeo: >> Filemanager >> 0.9 Security Vulnerabilities
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-07-18
An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-07-18
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.
CVSS Score
6.5
EPSS Score
0.014
Published
2025-07-18