Path Traversal Vulnerability in tecrail Responsive FileManager by TecRail
CVE-2018-20790

7.5HIGH

Key Information:

Vendor: Tecrail
Status: Responsive Filemanager
Vendor: CVE Published:; 25 February 2019

Badges

👾 Exploit Exists

What is CVE-2018-20790?

The tecrail Responsive FileManager version 9.13.4 contains a vulnerability that allows remote attackers to exploit a path traversal flaw. By manipulating the paths in the delete_file action via execute.php, attackers can delete arbitrary files on the server, potentially leading to data loss and disruption of services. This security lapse highlights the importance of proper input validation mechanisms to safeguard against unauthorized file manipulation.

References

https://www.exploit-db.com/exploits/45987

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 25, 2019
👾
Exploit known to exist
Feb 25, 2019
Vulnerability published
Feb 25, 2019
Vulnerability Reserved
Feb 25, 2019

CVE-2018-20790 Data

JSON

Tecrail

Badges

What is CVE-2018-20790?

References

CVSS V3.1

Timeline