5 matches found
Design/Logic Flaw
upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the...
CVE-2020-10212
CVE-2020-10212 concerns Responsive FileManager. The vulnerability is an SSRF in upload.php via the url parameter, affecting 9.13.4 and 9.14.0, with the issue rooted in how file-extension blocking is handled and DNS hostnames resolving to internal IPs; this is noted as a consequence of an incomple...
CVE-2018-14728
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter...
CVE-2018-14728
CVE-2018-14728 affects Responsive FileManager 9.13.1 where the upload.php endpoint allows a server-side request forgery (SSRF) via the url parameter. The issue is documented in multiple sources (NVD entry for CVE-2018-14728 and the Nuclei template) and is classified as high/critical impact (NS: netw...
Responsive Filemanager 9.13.1 - Server-Side Request Forgery
Exploit Title: Responsive filemanager 9.13.1 - Server-Side Request Forgery Date: 2018-07-29 Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: http://responsivefilemanager.com/ Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.13.1/responsivefilemanager.zip...