Owlfiles File Manager 12.0.1 - Path Traversal | Advisories

Advisories

Owlfiles File Manager 12.0.1 - Path Traversal

severity: high
date: January 13, 2026
Affecting: Owlfiles File Manager 12.0.1
CVE: CVE-2022-50890
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-51036
Vendor Homepage
Official App Store Listing
Credit: Chokri Hammedi
Description: Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the device.