It has been reported that Simple File Manager fails to sufficiently sanitize user-supplied data. Because a remote user can supply data that is used within dynamically generated web pages, HTML injection attacks may be possible. Injected HTML code may be executed in the browser of a legitimate web user who views a malicious filename. Any code executed would run in the context of the website running Simple File Manager.
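The class of flaw described above, as an added example that is not Simple File Manager's code: a file-listing row built by string concatenation beside a version that encodes the filename for each output context, plus a parser-based check that a listing contains only the tags the template emits. The `/files/` URL prefix, the function names and the sample filenames are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed sample filenames; two of them contain HTML metacharacters.
SAMPLE_NAMES = ["report.txt", "<b>injected<b>.txt", 'a"b&c.txt']

def render_row_unsafe(name):
    # Flawed pattern: the filename is placed into the page as-is, so any
    # markup in it becomes part of the document.
    return '<li><a href="/files/' + name + '">' + name + "</a></li>"

def render_row_safe(name):
    # Two contexts, two encodings: percent-encode the name as a URL path
    # segment, then HTML-escape both the attribute value and the link text.
    href = "/files/" + quote(name, safe="")
    return '<li><a href="{}">{}</a></li>'.format(
        html.escape(href, quote=True), html.escape(name, quote=True)
    )

def render_listing(names, row=render_row_safe):
    return "<ul>\n" + "\n".join(row(n) for n in names) + "\n</ul>"

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def start_tags(markup):
    # Start tags a parser sees in the rendered page, in document order.
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def listing_is_clean(markup, file_count):
    # Regression check: a listing of N files must parse to exactly one <ul>
    # followed by N (<li>, <a>) pairs; any other tag came from a filename.
    return start_tags(markup) == ["ul"] + ["li", "a"] * file_count

if __name__ == "__main__":
    for row in (render_row_unsafe, render_row_safe):
        page = render_listing(SAMPLE_NAMES[:2], row)
        print(row.__name__, "clean:", listing_is_clean(page, 2))
```

The same check can run in a test suite against any template that renders user-controlled names, so a regression in output encoding fails the build.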