CVE-2022-46604

high-risk
Published 2023-02-02

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.

Do I need to act?

!
39.6% chance of exploitation in next 30 days
EPSS score — higher than 60% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
51251
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Tecrail

References (8)

http://packetstormsecurity.com/files/171720/Responsive-FileManager-9.9.5-Remote-...
Third Party Advisory https://github.com/trippo/ResponsiveFilemanager/blob/v9.9.5/filemanager/execute....
Release Notes https://github.com/trippo/ResponsiveFilemanager/blob/v9.9.6/changelog.txt
https://medium.com/%40_sadshade/file-extention-bypass-in-responsive-filemanager-...
http://packetstormsecurity.com/files/171720/Responsive-FileManager-9.9.5-Remote-...
Third Party Advisory https://github.com/trippo/ResponsiveFilemanager/blob/v9.9.5/filemanager/execute....
Release Notes https://github.com/trippo/ResponsiveFilemanager/blob/v9.9.6/changelog.txt
https://medium.com/%40_sadshade/file-extention-bypass-in-responsive-filemanager-...
59
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 24/34 · High
Exposure 5/34 · Minimal