Path Traversal Vulnerability in Tecrail Responsive FileManager by Tecrail
CVE-2018-20792

7.5HIGH

Key Information:

Vendor: Tecrail
Status: Responsive Filemanager
Vendor: CVE Published:; 25 February 2019

Badges

👾 Exploit Exists

What is CVE-2018-20792?

The Tecrail Responsive FileManager version 9.13.4 contains a vulnerability that allows remote attackers to read arbitrary files on the server. By exploiting a path traversal flaw through the path parameter in the get_file action of the ajax_calls.php file, attackers can manipulate file paths and gain unauthorized access to sensitive server files. This vulnerability highlights the importance of validating user input and securing file access methods to prevent unauthorized data exposure.

References

https://www.exploit-db.com/exploits/45987

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 25, 2019
👾
Exploit known to exist
Feb 25, 2019
Vulnerability published
Feb 25, 2019
Vulnerability Reserved
Feb 25, 2019

CVE-2018-20792 Data

JSON