Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-30580 | 1 Leefish | 1 File Thingie | 2026-04-01 | N/A | 4.3 MEDIUM |
| File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the application to read arbitrary files on the target system. | |||||
| CVE-2026-30579 | 1 Leefish | 1 File Thingie | 2026-04-01 | N/A | 6.5 MEDIUM |
| File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a Javascript payload. | |||||
| CVE-2026-30578 | 1 Leefish | 1 File Thingie | 2026-04-01 | N/A | 6.5 MEDIUM |
| File Thinghie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "dir" parameter of the GET request to invoke arbitrary javascript code. | |||||
| CVE-2023-53942 | 1 Leefish | 1 File Thingie | 2025-12-31 | N/A | 8.8 HIGH |
| File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with a command parameter. | |||||