Liquidfiles Liquidfiles
9 CVEs affecting Liquidfiles Liquidfiles. Latest disclosed: 2026-06-20. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-46093 | Critical | 9.9 | 2025-08-04 | LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging… |
CVE-2020-29071 | Critical | 9.0 | 2020-11-25 | An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform… |
CVE-2021-43397 | High | 8.8 | 2021-11-11 | LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin. |
CVE-2025-56132 | High | 7.3 | 2025-09-30 | LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable response… |
CVE-2020-29072 | Medium | 6.1 | 2020-11-25 | A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and succ… |
CVE-2023-4393 | Medium | 5.4 | 2023-10-30 | HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against… |
CVE-2021-30140 | Medium | 5.4 | 2021-04-06 | LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and co… |
CVE-2025-46094 | Low | 3.8 | 2025-08-04 | LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript. |
CVE-2026-12673 | | 2026-06-20 | Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain… |