
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php. • https://www.exploit-db.com/exploits/45987 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action. • https://www.exploit-db.com/exploits/45987 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php. • https://www.exploit-db.com/exploits/45987 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495. • https://github.com/trippo/ResponsiveFilemanager/issues/506 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML. Responsive Filemanager version 9.8.1 suffers from a cross site scripting vulnerability. • https://seclists.org/bugtraq/2018/Oct/26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')