Lucene search

[email protected]CVE-2022-46604

HistoryFeb 02, 2023 - 1:15 p.m.

CVE-2022-46604

2023-02-0213:15:09

CWE-434

[email protected]

web.nvd.nist.gov

cve-2022-46604

tecrail responsive filemanager

security issue

file extension bypass

arbitrary code execution

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.9%

JSON

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.

Affected configurations

NVD

Node

tecrailresponsive_filemanagerRange≤9.9.5

CPENameOperatorVersion
tecrail:responsive_filemanagertecrail responsive filemanagerle9.9.5

CPE	Name	Operator	Version
tecrail:responsive_filemanager	tecrail responsive filemanager	le	9.9.5

References

packetstormsecurity.com/files/171720/Responsive-FileManager-9.9.5-Remote-Shell-Upload.html

github.com/trippo/ResponsiveFilemanager/blob/v9.9.5/filemanager/execute.php

github.com/trippo/ResponsiveFilemanager/blob/v9.9.6/changelog.txt

medium.com/%40_sadshade/file-extention-bypass-in-responsive-filemanager-9-5-5-leading-to-rce-authenticated-3290eddc54e7

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.9%

JSON

Related for CVE-2022-46604

osv1 packetstorm1 nvd1 zdt1 cvelist1 githubexploit1 prion1 exploitdb1