CVE-2018-15535
Responsive FileManager < 9.13.4 - Directory Traversal
Public Exploits: 2
Exploited in Wild: -
Descriptions
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal.
Responsive FileManager version 9.13.4 suffers from multiple path traversal vulnerabilities.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2018-08-19 CVE Reserved
- 2018-08-23 CVE Published
- 2024-06-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/45271 | 2024-08-05 | |
http://seclists.org/fulldisclosure/2018/Aug/34 | 2024-08-05 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Tecrail | Responsive Filemanager | < 9.13.4 | - | Affected |