Vulnerability Description
An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.)
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tecrail | Responsive Filemanager | <= 9.14.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/171280/ZwiiCMS-12.2.04-Remote-Code-Executio
- https://github.com/trippo/ResponsiveFilemanager/issues/600ExploitThird Party Advisory
- http://packetstormsecurity.com/files/171280/ZwiiCMS-12.2.04-Remote-Code-Executio
- https://github.com/trippo/ResponsiveFilemanager/issues/600ExploitThird Party Advisory
FAQ
What is CVE-2020-10567?
CVE-2020-10567 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. Thi...
How severe is CVE-2020-10567?
CVE-2020-10567 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-10567?
Check the references section above for vendor advisories and patch information. Affected products include: Tecrail Responsive Filemanager.