CVE-2018-15535

Name of the Vulnerable Software and Affected Versions tecrail Responsive FileManager versions prior to 9.13.4

Description The issue allows an attacker to traverse directories by manipulating the pathname constructed from external input in the /filemanager/ajax calls.php file. This is due to the failure to properly neutralize sequences such as .. that can resolve to a location outside the intended directory.

Recommendations For versions prior to 9.13.4, update to version 9.13.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the /filemanager/ajax calls.php file to minimize the risk of exploitation.