CVE-2025-46001 | Filemanager 2.3.0 PHP File is_allowed_file_type unrestricted upload (Exploit 38895 / EDB-38895)

Inserito da Angelo Barbosa | Lug 18, 2025 | CVE

A vulnerability, which was classified as critical, was found in Filemanager 2.3.0. Affected is the function is_allowed_file_type of the component PHP File Handler. The manipulation leads to unrestricted upload.

This vulnerability is traded as CVE-2025-46001. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2025-46001 | Filemanager 2.3.0 PHP File is_allowed_file_type unrestricted upload (Exploit 38895 / EDB-38895)

Post correlati

CVE-2025-22585 | themebon Ultimate Image Hover Effects Plugin up to 1.1.2 on WordPress cross site scripting

CVE-2024-13639 | edmonparker Read More & Accordion Plugin up to 3.4.2 on WordPress expmDeleteData authorization

CVE-2020-26627 | Hospital Management System 4.0 Admin Remark sql injection (ID 176302)

CVE-2024-45276 | MB Connect Line mbNET.mini up to 2.2.13 /tmp file access (VDE-2024-056)