Afian FileRun is a full-featured web-based file manager. sql injection vulnerability exists in Afian Filerun version 20220202, which stems from a lack of cleanup of the POST parameter metadata[] in the /?module=fileman§ion=get&page=grid page. An attacker could exploit this vulnerability to cause SQL injection.