Path Traversal Flaw in tecrail Responsive FileManager
CVE-2018-20789

7.5HIGH

Key Information:

Vendor: Tecrail
Status: Responsive Filemanager
Vendor: CVE Published:; 25 February 2019

Badges

👾 Exploit Exists

What is CVE-2018-20789?

The tecrail Responsive FileManager version 9.13.4 is susceptible to a path traversal vulnerability that permits remote attackers to delete arbitrary directories. This occurs due to a failure in the paths[0] path traversal mitigation when executing the delete_folder action found in execute.php. This vulnerability highlights the importance of validating user input properly to prevent unauthorized access and modifications to server file systems.

References

https://www.exploit-db.com/exploits/45987

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 25, 2019
👾
Exploit known to exist
Feb 25, 2019
Vulnerability published
Feb 25, 2019
Vulnerability Reserved
Feb 25, 2019

CVE-2018-20789 Data

JSON

Tecrail

Badges

What is CVE-2018-20789?

References

CVSS V3.1

Timeline