Server-Side Request Forgery Vulnerability in tecrail Responsive FileManager
CVE-2018-18867

8.6HIGH

Key Information:

Vendor: Tecrail
Status: Responsive Filemanager
Vendor: CVE Published:; 31 October 2018

What is CVE-2018-18867?

The tecrail Responsive FileManager version 9.13.4 is susceptible to a Server-Side Request Forgery (SSRF) vulnerability through the 'upload.php' URL parameter. This flaw allows attackers to send unauthorized requests from the server, potentially exposing sensitive internal services or resources. The issue arises from an incomplete remediation of a previous vulnerability, specifically CVE-2018-15495, necessitating immediate attention to mitigate associated risks.

References

https://github.com/trippo/ResponsiveFilemanager/issues/506

x_refsource_MISC

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2018
Vulnerability Reserved
Oct 31, 2018

CVE-2018-18867 Data

JSON

Tecrail

What is CVE-2018-18867?

References

CVSS V3.1

Timeline