Responsive Filemanager
by Packagist
Source repositories
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14728 | 0.10 | — | 0.91 | Aug 3, 2018 | upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. | |||
| CVE-2022-46604 | 0.06 | — | 0.37 | Feb 2, 2023 | An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. | |||
| CVE-2022-44276 | 0.02 | — | 0.27 | Jun 28, 2023 | In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE. | |||
| CVE-2018-15535 | 0.02 | — | 0.79 | Aug 24, 2018 | /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is… | |||
| CVE-2017-20145 | 0.00 | — | 0.01 | Jul 25, 2022 | A vulnerability was found in Tecrail Responsive Filemanger up to 9.10.x and classified as critical. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.11.0 is able to… | |||
| CVE-2018-20791 | 0.00 | — | 0.00 | Feb 25, 2019 | tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action. | |||
| CVE-2018-20792 | 0.00 | — | 0.01 | Feb 25, 2019 | tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php. | |||
| CVE-2018-20794 | 0.00 | — | 0.01 | Feb 25, 2019 | tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php. | |||
| CVE-2018-20790 | 0.00 | — | 0.01 | Feb 25, 2019 | tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php. | |||
| CVE-2018-20789 | 0.00 | — | 0.01 | Feb 25, 2019 | tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php. | |||
| CVE-2018-20793 | 0.00 | — | 0.01 | Feb 25, 2019 | tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php. | |||
| CVE-2018-20795 | 0.00 | — | 0.01 | Feb 25, 2019 | tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php. | |||
| CVE-2018-18867 | 0.00 | — | 0.00 | Oct 31, 2018 | An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495. | |||
| CVE-2018-18062 | 0.00 | — | 0.00 | Oct 10, 2018 | An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML. | |||
| CVE-2018-18061 | 0.00 | — | 0.00 | Oct 10, 2018 | An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files. | |||
| CVE-2018-15536 | 0.00 | — | 0.07 | Aug 24, 2018 | /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal. |
- CVE-2018-14728Aug 3, 2018risk 0.10cvss —epss 0.91
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
- CVE-2022-46604Feb 2, 2023risk 0.06cvss —epss 0.37
An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.
- CVE-2022-44276Jun 28, 2023risk 0.02cvss —epss 0.27
In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE.
- CVE-2018-15535Aug 24, 2018risk 0.02cvss —epss 0.79
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is…
- CVE-2017-20145Jul 25, 2022risk 0.00cvss —epss 0.01
A vulnerability was found in Tecrail Responsive Filemanger up to 9.10.x and classified as critical. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.11.0 is able to…
- CVE-2018-20791Feb 25, 2019risk 0.00cvss —epss 0.00
tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.
- CVE-2018-20792Feb 25, 2019risk 0.00cvss —epss 0.01
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php.
- CVE-2018-20794Feb 25, 2019risk 0.00cvss —epss 0.01
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.
- CVE-2018-20790Feb 25, 2019risk 0.00cvss —epss 0.01
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php.
- CVE-2018-20789Feb 25, 2019risk 0.00cvss —epss 0.01
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.
- CVE-2018-20793Feb 25, 2019risk 0.00cvss —epss 0.01
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.
- CVE-2018-20795Feb 25, 2019risk 0.00cvss —epss 0.01
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.
- CVE-2018-18867Oct 31, 2018risk 0.00cvss —epss 0.00
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495.
- CVE-2018-18062Oct 10, 2018risk 0.00cvss —epss 0.00
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML.
- CVE-2018-18061Oct 10, 2018risk 0.00cvss —epss 0.00
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files.
- CVE-2018-15536Aug 24, 2018risk 0.00cvss —epss 0.07
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.