Vulnerability Description
An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tecrail | Responsive Filemanager | <= 9.9.5 |
References
- http://packetstormsecurity.com/files/171720/Responsive-FileManager-9.9.5-Remote-
- https://github.com/trippo/ResponsiveFilemanager/blob/v9.9.5/filemanager/execute. (Third Party Advisory)
- https://github.com/trippo/ResponsiveFilemanager/blob/v9.9.6/changelog.txt (Release Notes, Third Party Advisory)
- https://medium.com/%40_sadshade/file-extention-bypass-in-responsive-filemanager-
FAQ
What is CVE-2022-46604?
CVE-2022-46604 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.
How severe is CVE-2022-46604?
CVE-2022-46604 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-46604?
Check the references section above for vendor advisories and patch information. Affected products include: Tecrail Responsive Filemanager.