CNNVD-202508-120 Information

Aug 02, 2025 cve

CNNVD ID

CNNVD-202508-120

CVE-2025-54790

  • CNNVD Published: 2025-08-02

Description (Chinese)

Files是Karl Ward个人开发者的一个单文件 PHP 应用程序。可以拖放到任何目录中,允许浏览其中的文件和目录。 Files 0.16.9及之前版本存在SQL注入漏洞,该漏洞源于未阻止后端SQL查询利用,可能导致未授权数据访问。

Description (English)

Files is a single file PHP application for Karl Ward’s personal developer. You can drag and drop into any directory, and you can browse through its files and directories. Files 0.16.9 and previous versions had an injection loophole in SQL, which had resulted from failure to prevent back-end SQL queries from being used, which could lead to unauthorized data access.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

个人开发者

Published

2025-08-02

Last Modified

2026-02-24

References

https://github.com/humhub/cfiles/security/advisories/GHSA-rfvq-g9rm-pgqj https://github.com/humhub/cfiles/releases/tag/v0.16.10 https://github.com/humhub/cfiles/pull/252 https://access.redhat.com/security/cve/cve-2025-54790

Patch

https://github.com/humhub/cfiles/releases

Share on: