CVE-2022-46604

Опубликовано: 02 фев. 2023

Источник: nvd

CVSS3: 8.8

EPSS Средний

Описание

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.

Ссылки

http://packetstormsecurity.com/files/171720/Responsive-FileManager-9.9.5-Remote-Shell-Upload.html
https://github.com/trippo/ResponsiveFilemanager/blob/v9.9.5/filemanager/execute.php
Third Party Advisory
https://github.com/trippo/ResponsiveFilemanager/blob/v9.9.6/changelog.txt
Release Notes
Third Party Advisory
https://medium.com/%40_sadshade/file-extention-bypass-in-responsive-filemanager-9-5-5-leading-to-rce-authenticated-3290eddc54e7
http://packetstormsecurity.com/files/171720/Responsive-FileManager-9.9.5-Remote-Shell-Upload.html
https://github.com/trippo/ResponsiveFilemanager/blob/v9.9.5/filemanager/execute.php
Third Party Advisory
https://github.com/trippo/ResponsiveFilemanager/blob/v9.9.6/changelog.txt
Release Notes
Third Party Advisory
https://medium.com/%40_sadshade/file-extention-bypass-in-responsive-filemanager-9-5-5-leading-to-rce-authenticated-3290eddc54e7

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tecrail:responsive_filemanager:*:*:*:*:*:*:*:*

Версия до 9.9.5 (включая)

EPSS

Процентиль: 98%

0.57686

Средний

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-q3q6-m34m-pq3r