CNNVD-202506-3792 Information
CNNVD ID
CNNVD-202506-3792
Related CVE
- CNNVD Published: 2025-06-30
Description (Chinese)
FileBrowser是开源的一款网页文件浏览器。提供指定目录下的文件管理界面,可用于上传、删除、预览、重命名和编辑您的文件。它允许创建多个用户,每个用户可以有自己的目录。它可以用作独立的应用程序或中间件。 FileBrowser 2.33.10之前版本存在命令注入漏洞,该漏洞源于允许列表实现错误,可能导致未经授权的命令执行。
Description (English)
FileBrowser is an open source web file browser. Provides a file management interface under a specified directory for uploading, deleting, previewing, renaming and editing your files. It allows the creation of multiple users, each of whom can have its own directory. It can be used as a stand-alone application or intermediate. The pre-FileBrowser 2.33.10 version of the order injects a loophole, which arises from an error in allowing the list to be made and may lead to unauthorized orders being executed.
Hazard Level
Medium
Vulnerability Type
命令注入
Affected Vendor
Live Support
Published
2025-06-30
Last Modified
2026-02-24
References
https://github.com/filebrowser/filebrowser/commit/4d830f707fc4314741fd431e70c2ce50cd5a3108 https://github.com/filebrowser/filebrowser/security/advisories/GHSA-w7qc-6grj-w7r8 https://github.com/filebrowser/filebrowser/releases/tag/v2.33.10 https://access.redhat.com/security/cve/cve-2025-52995
Patch
https://github.com/filebrowser/filebrowser/releases
Share on: