CVE-2020-10567

moderate-risk
Published 2020-03-14

An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.)

Do I need to act?

!
10.7% chance of exploitation in next 30 days
EPSS score — higher than 89% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Tecrail

References (4)

http://packetstormsecurity.com/files/171280/ZwiiCMS-12.2.04-Remote-Code-Executio...
Exploit https://github.com/trippo/ResponsiveFilemanager/issues/600
http://packetstormsecurity.com/files/171280/ZwiiCMS-12.2.04-Remote-Code-Executio...
Exploit https://github.com/trippo/ResponsiveFilemanager/issues/600
48
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 11/34 · Low
Exposure 5/34 · Minimal