Lucene search

MitreCVE-2022-46604

HistoryFeb 02, 2023 - 1:15 p.m.

CVE-2022-46604

2023-02-0213:15:09

CWE-434

mitre

web.nvd.nist.gov

cve-2022-46604

tecrail responsive filemanager

security issue

file extension bypass

arbitrary code execution

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.004

Percentile

73.1%

JSON

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.

Affected configurations

Nvd

Node

tecrailresponsive_filemanagerRange≤9.9.5

VendorProductVersionCPE
tecrailresponsive_filemanager*cpe:2.3:a:tecrail:responsive_filemanager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tecrail	responsive_filemanager	*	cpe:2.3:a:tecrail:responsive_filemanager::::::::

References

packetstormsecurity.com/files/171720/Responsive-FileManager-9.9.5-Remote-Shell-Upload.html

github.com/trippo/ResponsiveFilemanager/blob/v9.9.5/filemanager/execute.php

github.com/trippo/ResponsiveFilemanager/blob/v9.9.6/changelog.txt

medium.com/%40_sadshade/file-extention-bypass-in-responsive-filemanager-9-5-5-leading-to-rce-authenticated-3290eddc54e7

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.004

Percentile

73.1%

JSON

Related for CVE-2022-46604