CVE-2018-20791

tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the mediapreview action...

CVE-2018-20789

tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths0 path traversal mitigation bypass through the deletefolder action in execute.php...

CVE-2018-20792

tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the getfile action in ajaxcalls.php...

CVE-2018-20789

Product : tecrail Responsive FileManager 9.13.4. Vulnerability : path traversal mitigation bypass in the delete_folder action of execute.php, allowing a remote attacker to delete an arbitrary directory. Root cause : bypasses a path traversal check. Impact : arbitrary directory deletion as stated....

CVE-2018-20791

CVE-2018-20791 affects tecrail Responsive FileManager 9.13.4. The issue is an XSS via a media file upload, caused by mishandling of the media_preview action, allowing an attacker to inject script/HTML through the filename. Connected sources confirm the product/version and the vulnerability class;...

CVE-2018-20792

tecrail Responsive FileManager 9.13.4 contains a path traversal vulnerability in ajax_calls.php (get_file action). Insufficient sanitization of directory traversal characters allows remote attackers to read arbitrary files. The issue is documented across multiple sources (NVD/CVE entries and vend...

CVE-2018-20790

The CVE-2018-20790 entry affects tecrail Responsive FileManager 9.13.4. A path traversal vulnerability exists in the delete_file action within execute.php, where a paths[0] traversal mitigation can be bypassed, enabling remote attackers to delete arbitrary files. This is initiated via the delete_...

CVE-2018-20795

CVE-2018-20795 affects tecrail Responsive FileManager 9.13.4. The vulnerability is a path traversal in file access that lets remote attackers read arbitrary files via a path parameter. Specifically, the issue is triggered through the copy_cut action in ajax_calls.php and the paste_clipboard actio...

CVE-2018-20793

The CVE-2018-20793 entry concerns tecrail Responsive FileManager version 9.13.4. A path traversal mitigation bypass in the create_file action of execute.php allows remote attackers to write arbitrary files, due to improper handling of paths[0]. This is a remote, unauthenticated vulnerability with...

tecrail Responsive FileManager path traversal vulnerability (CNVD-2019-12903)

tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A path traversal vulnerability exists in tecrail Responsive FileManager version 9.13.4. A remote attacke...

tecrail Responsive FileManager path traversal vulnerability (CNVD-2019-12901)

tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A path traversal vulnerability exists in the 'createfile' function of the execute.php file in version...

tecrail Responsive FileManager Cross-Site Scripting Vulnerability

tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A cross-site scripting vulnerability exists in version 9.13.4 of tecrail Responsive FileManager. A remot...

tecrail Responsive FileManager path traversal vulnerability (CNVD-2019-12900)

tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A path traversal vulnerability exists in the 'getfile' function of the ajaxcalls.php file in version...

tecrail Responsive FileManager path traversal vulnerability (CNVD-2019-12902)

tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A path traversal vulnerability exists in the 'saveimg' function of the ajaxcalls.php file in version...

tecrail Responsive FileManager Arbitrary Directory Deletion Vulnerability

tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A security vulnerability exists in the 'deletefolder' function of the execute.php file in version 9.13.4...

Responsive FileManager 9.13.4 - Multiple Vulnerabilities

Responsive FileManager 9.13.4 - Multiple Vulnerabilities Date: December 12, 2018 Author: farisv Vendor Homepage: https://www.responsivefilemanager.com/ Vulnerable Package Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.13.4/responsivefilemanager.zip Responsive FileManag...

CVE-2018-18061

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files...

CVE-2018-18062

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML...

CVE-2018-18062

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML...

CVE-2018-18061

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files...