This security bulletin contains one medium risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.Mitigation
Install update from vendor's website.Vulnerable software versions
Responsive FileManager: 9.13.0 - 9.13.1
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?