CNNVD-202508-118 Information

CNNVD ID

CNNVD-202508-118

Related CVE

CVE-2025-54789

• CNNVD Published: 2025-08-02

Description (Chinese)

Files是Karl Ward个人开发者的一个单文件 PHP 应用程序。可以拖放到任何目录中，允许浏览其中的文件和目录。 Files 0.16.9及之前版本存在安全漏洞，该漏洞源于文件移动功能未阻止JavaScript注入，可能导致浏览器代码执行。

Description (English)

Files is a single file PHP application for Karl Ward’s personal developer. You can drag and drop into any directory, and you can browse through its files and directories. Files 0.16.9 and previous versions had a security loophole, which stemmed from the fact that the file mobile function did not prevent JavaScript injection, which could lead to browser code implementation.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-02

Last Modified

2026-02-24

References

https://github.com/humhub/cfiles/commit/f022bdd1cc54334a7a2a6f90a8168bb9583a2f00 https://github.com/humhub/cfiles/releases/tag/v0.16.10 https://github.com/humhub/cfiles/security/advisories/GHSA-cw2v-c62w-5r43 https://access.redhat.com/security/cve/cve-2025-54789

Patch

https://github.com/humhub/cfiles/releases