Directory Traversal and SSRF Vulnerability in Responsive FileManager before 9.13.3

Directory Traversal and SSRF Vulnerability in Responsive FileManager before 9.13.3

CVE-2018-15495 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.

Learn more about our Web Application Penetration Testing UK.