CVE-2018-15535

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal.
References
Link Resource
http://seclists.org/fulldisclosure/2018/Aug/34 Exploit Mailing List Third Party Advisory
https://www.exploit-db.com/exploits/45271/ Exploit Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:tecrail:responsive_filemanager:*:*:*:*:*:*:*:*

Information

Published : 2018-08-24 12:29

Updated : 2018-10-17 10:29


NVD link : CVE-2018-15535

Mitre link : CVE-2018-15535


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

tecrail

  • responsive_filemanager