CNNVD-202511-2818 Information
CNNVD ID
CNNVD-202511-2818
Related CVE
- CNNVD Published: 2025-11-26
Description (Chinese)
Files是Karl Ward个人开发者的一个单文件 PHP 应用程序。可以拖放到任何目录中,允许浏览其中的文件和目录。 Files 0.16.11和0.17.2之前版本存在授权问题漏洞,该漏洞源于授权检查不足,可能导致非成员用户在公共空间创建文件夹和上传下载文件。
Description (English)
Files is a single file PHP application for Karl Ward’s personal developer. You can drag and drop into any directory, and you can browse through its files and directories. The pre-Files 0.16.11 and 0.17.2 versions had a mandate gap, which stemmed from inadequate authorization checks and could lead non-member users to create folders and upload downloads in public spaces.
Hazard Level
High
Vulnerability Type
授权问题
Affected Vendor
个人开发者
Published
2025-11-26
Last Modified
2026-02-24
References
https://github.com/humhub/cfiles/commit/75698f8e8f360cea470f0e9f264015b697ab4c09 https://github.com/humhub/cfiles/security/advisories/GHSA-rv2x-7qwp-2hf4 https://access.redhat.com/security/cve/cve-2025-65963
Patch
https://github.com/humhub/cfiles/releases
Share on: