Vulnerabilities > Tecrail > Responsive Filemanager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-30 | CVE-2020-11106 | Cross-site Scripting vulnerability in Tecrail Responsive Filemanager An issue was discovered in Responsive Filemanager through 9.14.0. | 4.3 |
| 2019-02-25 | CVE-2018-20795 | Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4 tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php. | 5.0 |
| 2019-02-25 | CVE-2018-20794 | Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4 tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php. | 5.0 |
| 2019-02-25 | CVE-2018-20793 | Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4 tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php. | 5.0 |
| 2019-02-25 | CVE-2018-20792 | Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4 tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php. | 5.0 |
| 2019-02-25 | CVE-2018-20791 | Cross-site Scripting vulnerability in Tecrail Responsive Filemanager 9.13.4 tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action. | 4.3 |
| 2019-02-25 | CVE-2018-20790 | Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4 tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php. | 6.4 |
| 2019-02-25 | CVE-2018-20789 | Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4 tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php. | 6.4 |
| 2018-10-31 | CVE-2018-18867 | Server-Side Request Forgery (SSRF) vulnerability in Tecrail Responsive Filemanager 9.13.4 An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. | 5.0 |
| 2018-10-10 | CVE-2018-18062 | Cross-site Scripting vulnerability in Tecrail Responsive Filemanager 9.8.1 An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. | 4.3 |