File Upload Vulnerability in Tecrail Responsive FileManager
CVE-2022-46604

8.8HIGH

Key Information:

Vendor: Tecrail
Status: Responsive Filemanager
Vendor: CVE Published:; 2 February 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 36%

What is CVE-2022-46604?

An issue exists in Tecrail Responsive FileManager v9.9.5 and earlier that allows attackers to circumvent the file extension validation process. This vulnerability enables unauthorized users to upload malicious PHP files, ultimately leading to the execution of arbitrary code on the server. This poses a serious risk, as attackers can exploit this weakness to gain control over the affected system, compromising data integrity and security.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

ResponsiveFileManager-CVE-2022-46604
Created by galoget

References

https://medium.com/%40_sadshade/file-extention-bypass-in-...

https://github.com/trippo/ResponsiveFilemanager/blob/v9.9...

EPSS Score

36% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 3, 2023
👾
Exploit known to exist
Feb 3, 2023
Vulnerability published
Feb 2, 2023
Vulnerability Reserved
Dec 5, 2022

CVE-2022-46604 Data

JSON