Published: 02/02/2023 Updated: 07/11/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

An issue in Tecrail Responsive FileManager v9.9.5 and below allows malicious users to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tecrail responsive filemanager

Responsive FileManager v.9.9.5 vulnerable to CVE-2022-46604.

ResponsiveFileManager-CVE-2022-46604 Responsive FileManager v995 vulnerable to CVE-2022-46604 (File Creation Extension Bypass which leads to RCE) The current exploit is made in Python 3 and exploits the vulnerability to upload a webshell which allows the remote execution of commands in the vulnerable host References Exploit Database (Exploit-DB): wwwexploit-dbco

Responsive FileManager v.9.9.5 vulnerable to CVE-2022-46604.

ResponsiveFileManager-CVE-2022-46604 Responsive FileManager v995 vulnerable to CVE-2022-46604 (File Creation Extension Bypass which leads to RCE) The current exploit is made in Python 3 and exploits the vulnerability to upload a webshell which allows the remote execution of commands in the vulnerable host References Exploit Database (Exploit-DB): wwwexploit-dbco

CWE-434 https://github.com/trippo/ResponsiveFilemanager/blob/v9.9.5/filemanager/execute.php https://github.com/trippo/ResponsiveFilemanager/blob/v9.9.6/changelog.txt http://packetstormsecurity.com/files/171720/Responsive-FileManager-9.9.5-Remote-Shell-Upload.html https://medium.com/%40_sadshade/file-extention-bypass-in-responsive-filemanager-9-5-5-leading-to-rce-authenticated-3290eddc54e7 https://nvd.nist.gov https://github.com/galoget/ResponsiveFilemanager-CVE-2022-46604

CVE-2022-46604

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect