Lucene search

Tecrail Responsive Filemanager

9 matches found

CVE
added 2018/08/24 7:29 p.m., 69 views

CVE-2018-15535

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory,...

CVSS 7.5 | AI score 6.1 | EPSS 0.80492

CVE
added 2018/10/10 9:29 p.m., 43 views

CVE-2018-18061

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files.

CVSS 7.5 | AI score 7.5 | EPSS 0.00204

CVE
added 2019/02/25 6:29 a.m., 36 views

CVE-2018-20793

tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.

CVSS 7.5 | AI score 7.5 | EPSS 0.01851

CVE
added 2019/02/25 6:29 a.m., 35 views

CVE-2018-20794

tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.

CVSS 7.5 | AI score 7.6 | EPSS 0.00822

CVE
added 2019/02/25 6:29 a.m., 31 views

CVE-2018-20792

tecrail Responsive FileManager 9.13.4 allows remote attackers to read an arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php.

CVSS 7.5 | AI score 7.5 | EPSS 0.01263

CVE
added 2018/08/18 2:29 a.m., 30 views

CVE-2018-15495

/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.

CVSS 7.5 | AI score 7.8 | EPSS 0.00414

CVE
added 2019/02/25 6:29 a.m., 30 views

CVE-2018-20795

tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.

CVSS 7.5 | AI score 7.5 | EPSS 0.01263

CVE
added 2019/02/25 6:29 a.m., 27 views

CVE-2018-20789

tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.

CVSS 7.5 | AI score 7.5 | EPSS 0.00634

CVE
added 2019/02/25 6:29 a.m., 27 views

CVE-2018-20790

tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php.

CVSS 7.5 | AI score 7.6 | EPSS 0.00634