PT-2018-12685 · Responsive Filemanager · Responsive Filemanager

Guia Brahim Fouad · Published 2018-08-03 · Updated 2019-06-17 · CVE-2018-14728

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Responsive FileManager version 9.13.1

Description

The issue allows for Server-Side Request Forgery (SSRF) via the url parameter in the upload.php file.

Recommendations

For Responsive FileManager version 9.13.1, consider restricting access to the upload.php file or the url parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the url parameter in the upload.php file until a patch is available.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2018-14728

Affected Products

Responsive Filemanager