CVE-2019-25632

Medium CVSS: 6.9

phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fm_current_dir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive files like /etc/passwd from the server.

Vendor

Dulldusk

Product

Phpfilemanager

CWE

CWE-306

Yayın Tarihi

2026-03-24 12:16:03

Güncelleme

2026-03-25 21:45:13

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-306 Phpfilemanager MEDIUM Dulldusk 2026

Referanslar

https://sourceforge.net/projects/phpfm/ https://www.exploit-db.com/exploits/46638 https://www.vulncheck.com/advisories/phpfilemanager-local-file-inclusion-via-index-php