Vulnerability identifier: #VU31232
Vulnerability risk: Medium
Exploitation vector: Network
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
Install update from vendor's website.
Vulnerable software versions
Responsive FileManager: 9.13.0 - 9.13.1
Fixed software versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?