CVE-2018-20795
https://notcve.org/view.php?id=CVE-2018-20795
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.
• https://www.exploit-db.com/exploits/45987
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-20789
https://notcve.org/view.php?id=CVE-2018-20789
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.
• https://www.exploit-db.com/exploits/45987
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-20793
https://notcve.org/view.php?id=CVE-2018-20793
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.
• https://www.exploit-db.com/exploits/45987
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-20791
https://notcve.org/view.php?id=CVE-2018-20791
tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.
• https://www.exploit-db.com/exploits/45987
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-20794
https://notcve.org/view.php?id=CVE-2018-20794
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.
• https://www.exploit-db.com/exploits/45987
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')