Vulnerabilities > Tecrail
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-28 | CVE-2022-44276 | Unrestricted Upload of File with Dangerous Type vulnerability in Tecrail Responsive Filemanager In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE. | 9.8 |
| 2023-02-02 | CVE-2022-46604 | Unrestricted Upload of File with Dangerous Type vulnerability in Tecrail Responsive Filemanager An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. | 8.8 |
| 2022-07-25 | CVE-2017-20145 | Path Traversal vulnerability in Tecrail Responsive Filemanager A vulnerability was found in Tecrail Responsive Filemanger up to 9.10.x and classified as critical. | 9.8 |
| 2020-03-30 | CVE-2020-11106 | Cross-site Scripting vulnerability in Tecrail Responsive Filemanager An issue was discovered in Responsive Filemanager through 9.14.0. | 6.1 |
| 2020-03-14 | CVE-2020-10567 | Improper Input Validation vulnerability in Tecrail Responsive Filemanager An issue was discovered in Responsive Filemanager through 9.14.0. | 9.8 |
| 2020-03-07 | CVE-2020-10212 | Server-Side Request Forgery (SSRF) vulnerability in Tecrail Responsive Filemanager 9.13.4/9.14.0 upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. | 9.8 |
| 2019-02-25 | CVE-2018-20795 | Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4 tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php. | 7.5 |
| 2019-02-25 | CVE-2018-20794 | Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4 tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php. | 7.5 |
| 2019-02-25 | CVE-2018-20793 | Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4 tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php. | 7.5 |
| 2019-02-25 | CVE-2018-20792 | Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4 tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php. | 7.5 |