A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/filebrowser/filebrowser/v2(Go) | 0 | 2.18.0 | N/A |
CVSS Metrics
