CVE-2018-14728
Description
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Responsive FileManager 9.13.1's upload.php allows SSRF via the url parameter, enabling internal network scanning.
Vulnerability
Responsive FileManager version 9.13.1 contains a Server-Side Request Forgery (SSRF) vulnerability in upload.php. The url parameter is not properly sanitized, allowing an attacker to make the server issue requests to arbitrary URLs. This affects the core functionality of the file manager's remote upload feature [1].
Exploitation
An attacker can exploit this by sending a crafted HTTP request to upload.php with a malicious url parameter pointing to an internal or external target. No authentication is required if the application is exposed; the attacker only needs network access to the vulnerable server. The server will then fetch the resource from the specified URL [1].
Impact
Successful exploitation allows the attacker to perform SSRF attacks, which can lead to scanning of internal network services, accessing metadata endpoints (e.g., cloud instance metadata), or interacting with other internal systems. This can result in information disclosure and potential escalation to more severe attacks [1].
Mitigation
As of the publication date, no official patch was available in version 9.13.1. Users should upgrade to a later version of Responsive FileManager if a fix has been released. In the absence of a patch, restrict network access to the application and disable the remote upload feature if not needed [1].
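The restriction described above can be made concrete as a destination check on the url value before any server-side fetch; the following is an added example, not code from the advisory or from Responsive FileManager. The helper names and the sample values are assumptions constructed for illustration, and only literal hosts are judged here: a DNS name must still be resolved and its addresses put through the same IP rules at fetch time.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: remote upload only needs web URLs

def literal_ip(host):
    """Return the IP a host literal denotes, or None for a DNS name.
    Covers dotted/bracketed forms plus the integer forms (2130706433,
    0x7f000001) that some URL fetchers also treat as IPv4 addresses."""
    for parse in (lambda h: h, lambda h: int(h, 0)):
        try:
            ip = ipaddress.ip_address(parse(host))
        except ValueError:
            continue
        # Unwrap ::ffff:a.b.c.d so the IPv4 rules below apply to it.
        return getattr(ip, "ipv4_mapped", None) or ip
    return None

def classify_url(value):
    """Label one submitted url value (hypothetical helper, not project code)."""
    try:
        parts = urlsplit(value.strip())
        host = parts.hostname
    except ValueError:
        return "reject:malformed"
    if parts.scheme not in ALLOWED_SCHEMES:
        return "reject:scheme"
    if not host:
        return "reject:no-host"
    if host == "localhost" or host.endswith(".localhost"):
        return "reject:local-name"
    ip = literal_ip(host)
    if ip is None:
        return "needs-dns-check"  # resolve, then re-run the IP rules on the answer
    if ip.is_loopback:
        return "reject:loopback"
    if ip.is_link_local:
        return "reject:link-local"  # includes 169.254.169.254 metadata services
    return "public-ip" if ip.is_global else "reject:internal"

# Constructed sample values, not taken from the advisory or any real log.
SAMPLES = ["https://example.com/a.png", "http://169.254.169.254/latest/meta-data/",
           "http://2130706433/", "http://[::ffff:10.0.0.5]/", "file:///etc/passwd"]

def triage(values):
    """Map each submitted value to its verdict, e.g. for reviewing logged requests."""
    return {v: classify_url(v) for v in values}

if __name__ == "__main__":
    for url, verdict in triage(SAMPLES).items():
        print(f"{verdict:20} {url}")
```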
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 9.9, 9.9.1, 9.9.2, …
- Range: 9.13.1
Patches
No patches discovered yet.
References
- www.exploit-db.com/exploits/45103/ (mitre, exploit, x_refsource_EXPLOIT-DB)
- packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html (mitre, x_refsource_MISC)