HTTP: Responsive FileManager Zip Directory Traversal

A zip directory traversal vulnerability has been reported in Responsive FileManager. Successful exploitation could result in the creation or overwriting of files writable by the user running FileManager, leading to the possibility of arbitrary code execution.

Extended Description

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.
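The missing check described above, shown as an added example (not code from Responsive FileManager or its patch): every archive entry name is normalized and the archive is rejected if any entry would resolve outside the extraction directory. It is written in Python rather than the product's PHP so that it runs stand-alone; the function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile


def unsafe_entries(zip_bytes: bytes) -> list[str]:
    """Return entry names that would resolve outside the extraction directory."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            # Treat backslashes as separators too, then collapse "a/../b" forms
            # so that traversal hidden behind a leading directory is still seen.
            norm = posixpath.normpath(name.replace("\\", "/"))
            escapes = norm == ".." or norm.startswith("../")
            absolute = norm.startswith("/") or (len(norm) > 1 and norm[1] == ":")
            if escapes or absolute:
                bad.append(name)
    return bad


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Extract only when every entry stays under dest_dir; otherwise raise."""
    bad = unsafe_entries(zip_bytes)
    if bad:
        # Python's zipfile strips ".." on extraction by itself; rejecting the
        # whole archive instead makes the decision explicit and loggable.
        raise ValueError(f"archive rejected, traversal entries: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest_dir)
        return zf.namelist()


def build_sample(names: list[str]) -> bytes:
    """Build an in-memory archive with the given entry names (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample content")
    return buf.getvalue()
```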

Affected Products

Tecrail responsive_filemanager

Short Name: HTTP:DIR:FILEMGR-DIRTRV
Severity: Major
Recommended: True
Recommended Action: Drop
Category: HTTP
Keywords: CVE-2018-15536 Directory FileManager Responsive Traversal Zip
Release Date: 11/29/2018
Supported Platforms

srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3

Sigpack Version: 3337
False Positive: Unknown
Vendors: Tecrail
CVSS Score: 5.8
