Show vulnerabilities with patch / with exploit

Multiple vulnerabilities in TecRail Responsive Filemanager



Published: 2020-03-31
Severity High
Patch available NO
Number of vulnerabilities 3
CVE ID CVE-2020-11106
CVE-2020-10567
CVE-2020-10212
CWE ID CWE-79
CWE-20
CWE-918
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Responsive FileManager
Client/Desktop applications / File managers, FTP clients

Vendor TecRail

Security Advisory

1) Stored cross-site scripting

Severity: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2020-11106

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the "dialog.php" page in $_SESSION['RF']["view_type"] . A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Responsive FileManager: 9.14.0

CPE External links

https://github.com/trippo/ResponsiveFilemanager/issues/603

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

Severity: High

CVSSv3: 9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2020-10567

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the "ajax_calls.php" file in the "save_img" action in the "name" parameter. A remote attacker can execute PHP code if a legitimate JPEG image contains this code in the EXIF data and the .php extension is used in the name parameter.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Responsive FileManager: 9.9, 9.9.1, 9.9.2, 9.9.3, 9.9.4, 9.9.5, 9.9.6, 9.9.7, 9.10.0, 9.10.1, 9.10.2, 9.11.0, 9.11.3, 9.12.0, 9.12.1, 9.12.2, 9.13.0, 9.13.1, 9.13.3, 9.13.4, 9.14.0

CPE External links

https://github.com/trippo/ResponsiveFilemanager/issues/600

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Server-Side Request Forgery (SSRF)

Severity: Medium

CVSSv3: 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2020-10212

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists in the "url" parameter due to the file-extension blocking is mishandled and it is possible for a DNS hostname to resolve to an internal IP address. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Responsive FileManager: 9.13.4, 9.14.0

CPE External links

https://github.com/trippo/ResponsiveFilemanager/issues/598

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.