Description
Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is fixed in version 0.16.10.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://github.com/humhub/cfiles/security/advisories/GHSA-rfvq-g9rm-pgqj
Issue Tracking x_refsource_misc
https://github.com/humhub/cfiles/pull/252
Release Notes x_refsource_misc
https://github.com/humhub/cfiles/releases/tag/v0.16.10
Scores
CVSS v3
6.5
EPSS
0.0029
EPSS Percentile
20.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (1)
humhub/files
< 0.16.10
Published
Aug 02, 2025
Tracked Since
Feb 18, 2026