Skip to content
CVE-2019-12457|FileRun application has many listing vulnerabilities.
Branch: master
Clone or download
Latest commit f1e454c May 30, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md Update README.md May 30, 2019

README.md

FileRun Vulnerabilities and Exploits

FileRun application has many vulnerabilities.

CVE-2019-12457 - CVE-2019-12458 - CVE-2019-12459

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12457

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12458

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12459

PoC - Directory Listing

http://[server]/filerun/images/extjs/
http://[server]/filerun/css/ext-ux/
http://[server]/filerun/customizables/plugins/audio_player/

alt tag

alt tag

alt tag

Remediation

You should make sure the directory does not contain sensitive information or you may want to restrict directory listings from the web server configuration.

You can’t perform that action at this time.