CVE-2025-10232 | 299ko up to 2.0.0 FileManagerAPIController.php getSentDir/delete path traversal

Inserito da Angelo Barbosa | Set 10, 2025 | CVE

A vulnerability, which was classified as critical, was found in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal.

This vulnerability is registered as CVE-2025-10232. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10232 | 299ko up to 2.0.0 FileManagerAPIController.php getSentDir/delete path traversal

Post correlati

CVE-2024-10383 | GitLab VSCode Fork prior 1.89.1-1.0.0-dev-20241118094343 cross site scripting (Issue 500785)

CVE-2024-4145 | Search & Replace Plugin up to 3.2.1 on WordPress sql injection

CVE-2023-48376 | SmartStar CWS Web-Base 10.25 unrestricted upload

CVE-2024-1833 | SourceCodester Employee Management System 1.0 /Account/login.php txtusername sql injection