Tecrail Responsive Filemanager — known CVE vulnerabilities
Every CVE whose affected-product data names Tecrail Responsive Filemanager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2020-10567 — CVSS 9.8 (critical): An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter…
CVE-2020-10212 — CVSS 9.8 (critical): upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and…
CVE-2022-46604 — CVSS 8.8 (high): An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a…
CVE-2018-18867 — CVSS 8.6 (high): An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of…
CVE-2018-18061 — CVSS 7.5 (high): An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that…
CVE-2018-15535 — CVSS 7.5 (high): /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be…
CVE-2018-20789 — CVSS 7.5 (high): tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path…
CVE-2018-20790 — CVSS 7.5 (high): tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal…
CVE-2018-15495 — CVSS 7.5 (high): /filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used…
CVE-2018-20792 — CVSS 7.5 (high): tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through…
CVE-2018-20793 — CVSS 7.5 (high): tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal…
CVE-2018-20794 — CVSS 7.5 (high): tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with…
CVE-2018-20795 — CVSS 7.5 (high): tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through…
CVE-2017-20145 — CVSS 6.3 (medium): A vulnerability was found in Tecrail Responsive Filemanger up to 9.10.x and classified as critical. The manipulation leads to path…
CVE-2018-20791 — CVSS 6.1 (medium): tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the…
CVE-2020-11106 — CVSS 6.1 (medium): An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION['RF']["view_type"]…
CVE-2018-18062 — CVSS 6.1 (medium): An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to…
CVE-2018-15536 — CVSS 5.5 (medium): /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for…