Vulnerabilities > Tecrail

DATE CVE VULNERABILITY TITLE RISK
2020-03-30 CVE-2020-11106 Cross-site Scripting vulnerability in Tecrail Responsive Filemanager
An issue was discovered in Responsive Filemanager through 9.14.0.
network
tecrail CWE-79
4.3
2020-03-14 CVE-2020-10567 Improper Input Validation vulnerability in Tecrail Responsive Filemanager
An issue was discovered in Responsive Filemanager through 9.14.0.
network
low complexity
tecrail CWE-20
7.5
2020-03-07 CVE-2020-10212 Server-Side Request Forgery (SSRF) vulnerability in Tecrail Responsive Filemanager 9.13.4/9.14.0
upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address.
network
low complexity
tecrail CWE-918
7.5
2019-02-25 CVE-2018-20795 Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.
network
low complexity
tecrail CWE-22
5.0
2019-02-25 CVE-2018-20794 Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.
network
low complexity
tecrail CWE-22
5.0
2019-02-25 CVE-2018-20793 Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.
network
low complexity
tecrail CWE-22
5.0
2019-02-25 CVE-2018-20792 Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php.
network
low complexity
tecrail CWE-22
5.0
2019-02-25 CVE-2018-20791 Cross-site Scripting vulnerability in Tecrail Responsive Filemanager 9.13.4
tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.
network
tecrail CWE-79
4.3
2019-02-25 CVE-2018-20790 Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php.
network
low complexity
tecrail CWE-22
6.4
2019-02-25 CVE-2018-20789 Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.
network
low complexity
tecrail CWE-22
6.4