Vulnerability CVE-2018-18061


Published: 2018-10-10

Description:
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files.

Type:

CWE-287

(Improper Authentication)

Vendor: Tecrail
Product: Responsive filemanager 
Version: 9.8.1;

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial

 References:
https://seclists.org/bugtraq/2018/Oct/25

Related CVE
CVE-2018-18867
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495.
CVE-2018-18062
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML.
CVE-2018-14728
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.

Copyright 2018, cxsecurity.com

 

Back to Top