Directory traversal

2018-08-2419:29:00

PRIOn knowledge base

www.prio-n.com

0.969 High

EPSS

Percentile

99.7%

JSON

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as “…” that can resolve to a location that is outside of that directory, aka Directory Traversal.

CPENameOperatorVersion
responsive_filemanagerlt9.13.4

CPE	Name	Operator	Version
	responsive_filemanager	lt	9.13.4

References

seclists.org/fulldisclosure/2018/Aug/34

www.exploit-db.com/exploits/45271/

0.969 High

EPSS

Percentile

99.7%

JSON

Related for PRION:CVE-2018-15535