Tecrail · Tecrail Responsive Filemanager · CVE-2018-18867
**Name of the Vulnerable Software and Affected Versions**
tecrail Responsive FileManager version 9.13.4
**Description**
A Server-Side Request Forgery (SSRF) issue was discovered in the software. The issue is related to an incomplete fix for a previous problem and can be exploited via the "url" parameter in the "upload.php" endpoint.
**Recommendations**
For version 9.13.4, as a temporary workaround, consider restricting access to the "upload.php" endpoint until a patch is available. Avoid using the "url" parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.
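
One way to enforce both parts of this workaround at the PHP layer, as an added example that is not code from Responsive FileManager or its vendor. The allowlist addresses, the file paths in the sample requests and the file name `guard.php` are constructed for illustration, and loading the guard through `auto_prepend_file` is an assumption about the deployment.

```php
<?php
// Added example, not Responsive FileManager code: a guard for the workaround above.
// Assumption: loaded ahead of the application, e.g. via PHP's auto_prepend_file.

const GUARDED_SCRIPT  = 'upload.php';                // endpoint named in the advisory
const BLOCKED_PARAM   = 'url';                       // parameter named in the advisory
const ALLOWED_CLIENTS = ['127.0.0.1', '192.0.2.10']; // constructed allowlist

// Returns [HTTP status, reason]; 200 means the request may proceed.
function guard_decision(string $script, string $clientIp, array $get, array $post): array
{
    if (basename($script) !== GUARDED_SCRIPT) {
        return [200, 'script not guarded'];
    }
    if (!in_array($clientIp, ALLOWED_CLIENTS, true)) {
        return [403, 'client not on allowlist'];
    }
    // PHP also files "url[]" and "url[x]" under the key "url", so one lookup covers them.
    if (array_key_exists(BLOCKED_PARAM, $get) || array_key_exists(BLOCKED_PARAM, $post)) {
        return [400, 'url parameter refused'];
    }
    return [200, 'allowed'];
}

if (PHP_SAPI !== 'cli') {
    // Behind a reverse proxy REMOTE_ADDR is the proxy; enforce the allowlist there instead.
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    [$status, $reason] = guard_decision($_SERVER['SCRIPT_FILENAME'] ?? '', $ip, $_GET, $_POST);
    if ($status !== 200) {
        error_log("upload.php guard: {$reason} (client {$ip})");
        http_response_code($status);
        exit;
    }
} else {
    // Constructed requests; run `php guard.php` to check the decisions offline.
    $cases = [
        [['/srv/app/upload.php', '192.0.2.10', [], ['url' => 'http://example.test/a.png']], 400],
        [['/srv/app/upload.php', '192.0.2.10', [], ['path' => 'img/']], 200],
        [['/srv/app/upload.php', '203.0.113.7', [], []], 403],
        [['/srv/app/index.php', '203.0.113.7', ['url' => 'x'], []], 200],
    ];
    foreach ($cases as [$args, $expected]) {
        [$status, $reason] = guard_decision(...$args);
        printf("%-8s %d %s\n", $status === $expected ? 'ok' : 'MISMATCH', $status, $reason);
    }
}
```

The guard only sees parameters that PHP parses into `$_GET` and `$_POST`, so it complements a network-level restriction on the endpoint and does not replace it.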