vendor: Responsive Filemanager
by: GUIA BRAHIM FOUAD
CVSS: 9.8 CRITICAL
CWE: 918 Server-Side Request Forgery
Product Name: Responsive Filemanager
Affected Version From: 9.13.1
Affected Version To: 9.13.1
Patch Exists: YES
Related CVE: CVE-2018-14728
CPE: 2.3:a:responsivefilemanager:responsive_filemanager:9.13.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: php version: 7.0
2018
Responsive Filemanager 9.13.1 – Server-Side Request Forgery
Responsive Filemanager version 9.13.1 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can exploit this vulnerability to access sensitive information from the server or to perform malicious activities. The vulnerability exists due to the lack of proper validation of user-supplied input in the 'url' parameter of the 'upload.php' script. An attacker can send a specially crafted request to the vulnerable script and execute arbitrary code on the server.
Mitigation:
The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of the software.
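The kind of check whose absence on the 'url' parameter is described above, as an added example that is not Responsive Filemanager's code or the vendor's patch. The function name `rfm_example_vet_url` and the sample URLs are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from Responsive Filemanager.

/** Return the IPs a URL may be fetched from, or null if it must be refused. */
function rfm_example_vet_url(string $url): ?array
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    // Only plain web schemes are acceptable for a remote upload source.
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Embedded credentials have no place in an upload URL; refuse them.
    if (isset($p['user']) || isset($p['pass'])) {
        return null;
    }
    $host = trim($p['host'], '[]');   // parse_url keeps IPv6 brackets
    // IP literals are checked directly; names are resolved first so the
    // decision is made on the address the server would actually contact.
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : gethostbynamel($host);
    if (!$ips) {
        return null;
    }
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        // Refuse if ANY answer is loopback, link-local, private or reserved.
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return null;
        }
    }
    return $ips;
}

// Constructed sample inputs (IP literals, so the check runs offline).
$samples = [
    'http://93.184.216.34/image.png',
    'http://127.0.0.1/',
    'http://10.0.0.5/',
    'http://[::1]/',
    'ftp://93.184.216.34/image.png',
    'http://user@93.184.216.34/',
];
foreach ($samples as $u) {
    printf("%-36s %s\n", $u, rfm_example_vet_url($u) ? 'allow' : 'refuse');
}
```

When the fetch itself is done with cURL, pin it to a vetted address with `CURLOPT_RESOLVE`, limit `CURLOPT_PROTOCOLS` to HTTP and HTTPS, and leave `CURLOPT_FOLLOWLOCATION` off, so that neither a second DNS answer nor a redirect can bypass the check.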