Directory Traversal Vulnerability in tecrail Responsive FileManager before 9.13.4

Directory Traversal Vulnerability in tecrail Responsive FileManager before 9.13.4

CVE-2018-15535 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal.

Learn more about our External Network Penetration Testing.