4 matches found
CVE-2018-15535
The CVE-2018-15535 issue affects tecrail Responsive FileManager prior to 9.13.4. An attacker can abuse filemanager/ajax_calls.php to construct a file path using external input and insufficient neutralization of “..” sequences, enabling Directory Traversal/Local File Inclusion. Impact described ac...
CVE-2022-44276
CVE-2022-44276 affects Responsive Filemanager prior to 9.12.0. The vulnerability allows bypassing upload restrictions in the file upload workflow, enabling remote code execution (RCE). Technical details from the PoC show exploitation via manipulated filenames and MIME-check logic (e.g., fix_filen...
CVE-2018-15536
CVE-2018-15536 affects tecrail Responsive FileManager prior to 9.13.4. The /filemanager/ajax_calls.php file does not properly validate file paths in archives, permitting a crafted archive extraction that overwrites arbitrary files (directory traversal). Public disclosures and exploits reference p...
CVE-2018-15495
CVE-2018-15495 affects Responsive FileManager prior to 9.13.3. The vulnerability allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, demonstrated by file:///etc/passwd. Several connected records (OSV and related entries) note that a fix existed but ...