CVE-2018-15536

Name of the Vulnerable Software and Affected Versions tecrail Responsive FileManager versions prior to 9.13.4

Description The issue concerns a directory traversal problem. It arises from the improper validation of file paths in archives by the /filemanager/ajax calls.php endpoint. This allows attackers to craft archives that, when extracted, can overwrite arbitrary files on the system via an extract action.

Recommendations For versions prior to 9.13.4, update to version 9.13.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the /filemanager/ajax calls.php endpoint to minimize the risk of exploitation.