/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.
References
| Link | Resource |
|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/34 | Exploit Mailing List Third Party Advisory |
| https://www.exploit-db.com/exploits/45271/ | Exploit Third Party Advisory VDB Entry |
| http://seclists.org/fulldisclosure/2018/Aug/34 | Exploit Mailing List Third Party Advisory |
| https://www.exploit-db.com/exploits/45271/ | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 03:51
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://seclists.org/fulldisclosure/2018/Aug/34 - Exploit, Mailing List, Third Party Advisory | |
| References | () https://www.exploit-db.com/exploits/45271/ - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2018-08-24 19:29
Updated : 2024-11-21 03:51
NVD link : CVE-2018-15536
Mitre link : CVE-2018-15536
CVE.ORG link : CVE-2018-15536
JSON object : View
Products Affected
tecrail
- responsive_filemanager
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')