FileCloud
Access
- Admin interface: http://localhost/ui/admin/index.html
- Default credentials: admin:password
- API key default: apipassword
⚠ Warning — The /install endpoint exposes extended installation information and should be restricted immediately after setup.
Configuration
Primary config file: /var/www/html/config/cloudconfig.php
Storage options:
- Local: /opt/fileclouddata
- AWS S3 integration
User authentication supports local accounts or Active Directory.
Security Notes
File storage — Files are stored unencrypted in .dat format under /opt/fileclouddata. Direct filesystem access allows recovery of file contents. Sensitive files can also be queried via MongoDB: tonidostoragedb.items.
Extension blacklist — Default blocked extensions: php|php5|phar|phtml|php7|htaccess. Notably excludes php3.
XSS in previews — QuickJS and LibreOffice handle in-browser previews. Stored XSS was possible via previews in versions prior to 23.241.2 (CVE-2025-26127), allowing authenticated users to hijack sessions.
Shares — As of version 23.241, shares default to private. Admin policy change required to enable public sharing.
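An added example (not FileCloud's code) for auditing the gap noted under Extension blacklist: it compares the default blocklist quoted above with the extensions a web server hands to PHP and reports any that are executable but not blocked. The handler lines are a constructed Apache-style sample, the function names are hypothetical, and matching on the final extension case-insensitively is an assumed rule.

```python
# Default blocklist exactly as quoted on this page.
DEFAULT_BLOCKLIST = "php|php5|phar|phtml|php7|htaccess"

# Constructed sample (assumption: Apache-style AddHandler/AddType lines).
# Replace with the directives from your own web server configuration.
SAMPLE_HANDLER_CONF = """
AddHandler application/x-httpd-php .php .php3 .phtml
AddType application/x-httpd-php .php5 .php7
"""


def handled_extensions(conf):
    """Collect extensions that AddHandler/AddType lines map to PHP."""
    exts = set()
    for line in conf.splitlines():
        parts = line.split()
        if (len(parts) >= 3 and parts[0] in ("AddHandler", "AddType")
                and "php" in parts[1].lower()):
            exts.update(p.lstrip(".").lower() for p in parts[2:])
    return exts


def blocked(filename, blocklist=DEFAULT_BLOCKLIST):
    """Assumed rule: case-insensitive match on the final extension."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext in {e.lower() for e in blocklist.split("|")}


def blocklist_gaps(conf, blocklist=DEFAULT_BLOCKLIST):
    """Extensions the server would execute that the blocklist misses."""
    return sorted(e for e in handled_extensions(conf)
                  if not blocked("x." + e, blocklist))


if __name__ == "__main__":
    gaps = blocklist_gaps(SAMPLE_HANDLER_CONF)
    print("executable but not blocked:", gaps)
    # Extend the blocklist with every gap found, then re-check.
    patched = DEFAULT_BLOCKLIST + "".join("|" + g for g in gaps)
    print("suggested blocklist:", patched)
    print("gaps after patch:", blocklist_gaps(SAMPLE_HANDLER_CONF, patched))
```

A blocklist only stays correct while it tracks the server's handler mappings, so rerun the comparison whenever either changes.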