3 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION['RF']["view_type"] wasn't sanitized if it was already set. This made stored XSS possible if one opens ajax_calls.php and uses the "view" action and places a payload in the type parameter, and then returns to the dialog.php page. This occurs because ajax_calls.php was also able to set the $_SESSION['RF']["view_type"] variable, but there it wasn't sanitized. Se detectó un problema en Responsive Filemanager versiones hasta 9.14.0. • https://github.com/trippo/ResponsiveFilemanager/issues/603 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.) Se detectó un problema en Responsive Filemanager versiones hasta 9.14.0. • http://packetstormsecurity.com/files/171280/ZwiiCMS-12.2.04-Remote-Code-Execution.html https://github.com/trippo/ResponsiveFilemanager/issues/600 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the PATH_INFO. Also, an attacker could create a DNS hostname that resolves to the 0.0.0.0 IP address for DNS pinning. NOTE: this issue exists because of an incomplete fix for CVE-2018-14728. El archivo upload.php en Responsive FileManager versiones 9.13.4 y 9.14.0, permite un ataque de tipo SSRF por medio del parámetro url porque el bloqueo de la extensión de archivo se maneja inapropiadamente y porque es posible que un nombre de host DNS se resuelva en una dirección IP interna. • https://github.com/trippo/ResponsiveFilemanager/issues/598 • CWE-918: Server-Side Request Forgery (SSRF) •