cnvd - cnvd-2018-20452

cnvd-2018-20452

Vulnerability from cnvd

Title: Responsive Filemanager身份验证绕过漏洞

Description:

Responsive FileManager是一款使用PHP语言编写的开源文件管理器，它支持视频、图像和其它文件的上传和管理。

Responsive Filemanager 9.8.1版本存在身份验证绕过漏洞，该漏洞允许攻击者访问文件管理界面，该界面允许更新，编辑和删除文件。

Severity: 高

Formal description:

目前没有详细的解决方案提供： https://www.responsivefilemanager.com/

Reference: https://seclists.org/fulldisclosure/2018/Oct/24

Impacted products

Name
tecrail Responsive FileManager 9.8.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-18061"
    }
  },
  "description": "Responsive FileManager\u662f\u4e00\u6b3e\u4f7f\u7528PHP\u8bed\u8a00\u7f16\u5199\u7684\u5f00\u6e90\u6587\u4ef6\u7ba1\u7406\u5668\uff0c\u5b83\u652f\u6301\u89c6\u9891\u3001\u56fe\u50cf\u548c\u5176\u5b83\u6587\u4ef6\u7684\u4e0a\u4f20\u548c\u7ba1\u7406\u3002\r\n\r\nResponsive Filemanager 9.8.1\u7248\u672c\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u653b\u51fb\u8005\u8bbf\u95ee\u6587\u4ef6\u7ba1\u7406\u754c\u9762\uff0c\u8be5\u754c\u9762\u5141\u8bb8\u66f4\u65b0\uff0c\u7f16\u8f91\u548c\u5220\u9664\u6587\u4ef6\u3002",
  "discovererName": "Yavuz Atlas of Biznet Bilisim",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttps://www.responsivefilemanager.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-20452",
  "openTime": "2018-10-10",
  "products": {
    "product": "tecrail Responsive FileManager 9.8.1"
  },
  "referenceLink": "https://seclists.org/fulldisclosure/2018/Oct/24",
  "serverity": "\u9ad8",
  "submitTime": "2018-10-10",
  "title": "Responsive Filemanager\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2018-18061 (GCVE-0-2018-18061)

Vulnerability from cvelistv5

Published

2018-10-10 21:00

Modified

2024-08-05 11:01

Severity ?

CWE

Summary

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files.

References

▼	URL	Tags
	https://seclists.org/bugtraq/2018/Oct/25	mailing-list, x_refsource_BUGTRAQ

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:01:14.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20181009 Responsive Filemanager 9.8.1 Authentication Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2018/Oct/25"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20181009 Responsive Filemanager 9.8.1 Authentication Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2018/Oct/25"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-18061",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181009 Responsive Filemanager 9.8.1 Authentication Bypass",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2018/Oct/25"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-18061",
    "datePublished": "2018-10-10T21:00:00",
    "dateReserved": "2018-10-08T00:00:00",
    "dateUpdated": "2024-08-05T11:01:14.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted