Directory Traversal and SSRF in Responsive FileManager by Trippo
CVE-2018-15495

7.5HIGH

Key Information:

Vendor: Tecrail
Status: Responsive Filemanager
Vendor: CVE Published:; 18 August 2018

What is CVE-2018-15495?

The Responsive FileManager prior to version 9.13.3 contains a vulnerability in the upload.php file which enables an attacker to exploit directory traversal and server-side request forgery (SSRF) issues. The vulnerability arises because the 'url' parameter is directly utilized in a call to curl_exec. This can potentially allow the execution of harmful commands or access to sensitive files, such as /etc/passwd, leading to further exploitation of the server.

References

https://github.com/trippo/ResponsiveFilemanager/blob/mast...

x_refsource_MISC

http://seclists.org/fulldisclosure/2018/Aug/9

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2018
Vulnerability Reserved
Aug 17, 2018

CVE-2018-15495 Data

JSON

Tecrail

What is CVE-2018-15495?

References

CVSS V3.1

Timeline