Vulnerabilities > Tecrail > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-30 CVE-2020-11106 Cross-site Scripting vulnerability in Tecrail Responsive Filemanager
An issue was discovered in Responsive Filemanager through 9.14.0.
network
tecrail CWE-79
4.3
2019-02-25 CVE-2018-20795 Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.
network
low complexity
tecrail CWE-22
5.0
2019-02-25 CVE-2018-20794 Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.
network
low complexity
tecrail CWE-22
5.0
2019-02-25 CVE-2018-20793 Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.
network
low complexity
tecrail CWE-22
5.0
2019-02-25 CVE-2018-20792 Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php.
network
low complexity
tecrail CWE-22
5.0
2019-02-25 CVE-2018-20791 Cross-site Scripting vulnerability in Tecrail Responsive Filemanager 9.13.4
tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.
network
tecrail CWE-79
4.3
2019-02-25 CVE-2018-20790 Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php.
network
low complexity
tecrail CWE-22
6.4
2019-02-25 CVE-2018-20789 Path Traversal vulnerability in Tecrail Responsive Filemanager 9.13.4
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.
network
low complexity
tecrail CWE-22
6.4
2018-10-31 CVE-2018-18867 Server-Side Request Forgery (SSRF) vulnerability in Tecrail Responsive Filemanager 9.13.4
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter.
network
low complexity
tecrail CWE-918
5.0
2018-10-10 CVE-2018-18062 Cross-site Scripting vulnerability in Tecrail Responsive Filemanager 9.8.1
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1.
network
tecrail CWE-79
4.3