Improper Authentication in Responsive FileManager - CVE-2018-18061
Published: October 10, 2018 / Updated: August 8, 2020
Vulnerability identifier: #VU36551
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-18061
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: TecRail
Affected software:
Responsive FileManager
Responsive FileManager
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files.
How to mitigate CVE-2018-18061
Install update from vendor's website.