PT-2023-14963 · Tecrail · Tecrail Responsive Filemanager

Published 2023-02-02 · Updated 2024-09-10 · CVE-2022-46604

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Tecrail Responsive FileManager versions 9.9.5 and below

Description: An issue in Tecrail Responsive FileManager allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. This vulnerability has been observed being exploited by threat actors.

Recommendations: For versions 9.9.5 and below, consider disabling the file upload feature until a patch is available, to prevent arbitrary code execution. Restrict access to the file extension check mechanism to minimize the risk of exploitation. Avoid using the file upload feature in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit: Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2022-46604

Affected Products: Tecrail Responsive Filemanager