CVE-2018-15535 Scanner
CVE-2018-15535 scanner - Directory Traversal vulnerability in Responsive FileManager
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 3 days
Scan only one
URL
Toolbox
-
Responsive FileManager is a popular web-based file manager that allows users to manage, upload, and organize their files on a website with ease. It is widely used by web developers, webmasters, and website owners to manage their website files in a simple, yet efficient manner. This file manager is developed by tecrail and is available as a plugin for various content management systems like WordPress, Drupal, and Joomla.
CVE-2018-15535 is a vulnerability that has been detected in tecrail Responsive FileManager before 9.13.4. This vulnerability arises due to the use of external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory. This means that an attacker can potentially exploit this vulnerability to access files and directories that they should not have access to, leading to sensitive information exposure and even remote code execution.
If this vulnerability is exploited, it can lead to serious consequences for the website and its users. The attacker can gain access to sensitive information, such as login credentials, personal data, and financial information. They can also inject malicious code into the website, leading to malware infections and the compromise of user devices. Additionally, the website can suffer downtime and reputation damage, resulting in loss of revenue and trust.
In conclusion, tecrail Responsive FileManager is a useful tool for managing website files, but it is not without its vulnerabilities. CVE-2018-15535 is a serious vulnerability that can lead to sensitive information exposure and remote code execution. By taking the necessary precautions, website owners can protect their website and users from potential attacks. With the pro features of the s4e.io platform, website owners can easily and quickly learn about vulnerabilities in their digital assets, ensuring they stay ahead of potential threats.
REFERENCES
