Vulnerabilities > CVE-2018-14728 - Server-Side Request Forgery (SSRF) vulnerability in Tecrail Responsive Filemanager 9.13.1

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
tecrail
CWE-918
critical
exploit available
NVD
Published: 2018-08-03
Updated: 2019-06-17

Summary

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.

Vulnerable Configurations

Part Description Count
Application
Tecrail
1

Common Weakness Enumeration (CWE)

Exploit-Db

fileexploits/linux/webapps/45103.txt
idEDB-ID:45103
last seen2018-11-30
modified2018-07-30
platformlinux
port
published2018-07-30
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/45103
titleResponsive Filemanager 9.13.1 - Server-Side Request Forgery
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/148742/responsivefm9131-ssrf.txt
idPACKETSTORM:148742
last seen2018-07-31
published2018-07-29
reporterGuia Brahim Fouad
sourcehttps://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html
titleResponsive Filemanager 9.13.1 Server-Side Request Forgery

References