CVE Tools

tecrail

Consumer Softwareunknown

17

Cumulative CVEs

4

Monthly snapshots

#52

Peak rank

Top products

responsive filemanager3

Latest CVEs

The 15 most recently published vulnerabilities affecting tecrail.

CVE-2022-44276In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE.9.8Jun 28, 2023
CVE-2022-46604An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.8.8Feb 2, 2023
CVE-2017-20145Tecrail Responsive Filemanger path traversal6.3Jul 25, 2022
CVE-2020-11106An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION['RF']["view_type"] wasn't sanitized if it was already set. This made stored ...6.1Mar 30, 2020
CVE-2020-10567An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. ...9.8Mar 14, 2020
CVE-2020-10212upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an...9.8Mar 6, 2020
CVE-2018-20795tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboa...7.5Feb 25, 2019
CVE-2018-20794tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_call...7.5Feb 25, 2019
CVE-2018-20793tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execut...7.5Feb 25, 2019
CVE-2018-20792tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php.7.5Feb 25, 2019
CVE-2018-20791tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.6.1Feb 25, 2019
CVE-2018-20790tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php.7.5Feb 25, 2019
CVE-2018-20789tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in ex...7.5Feb 25, 2019
CVE-2018-18867An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495.8.6Oct 31, 2018
CVE-2018-18062An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML.6.1Oct 10, 2018