Path Traversal Vulnerability in Tecrail Responsive FileManager
CVE-2018-20793

7.5HIGH

Key Information:

Vendor: Tecrail
Status: Responsive Filemanager
Vendor: CVE Published:; 25 February 2019

Badges

👾 Exploit Exists

What is CVE-2018-20793?

The Tecrail Responsive FileManager version 9.13.4 is susceptible to a path traversal vulnerability that allows remote attackers to write to arbitrary files. This issue arises from a bypass in the paths[0] parameter during the create_file action in execute.php. If exploited, this vulnerability could lead to unauthorized file system modifications, potentially compromising the integrity of the affected system.

References

https://www.exploit-db.com/exploits/45987

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 25, 2019
👾
Exploit known to exist
Feb 25, 2019
Vulnerability published
Feb 25, 2019
Vulnerability Reserved
Feb 25, 2019

CVE-2018-20793 Data

JSON