CVE-2018-15536

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-15536
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15536.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-15536
Published
2018-08-24T19:29:01.957Z
Modified
2026-03-14T14:32:51.704961Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.

References

Affected packages

Git / github.com/trippo/responsivefilemanager

Affected ranges

Type
GIT
Repo
https://github.com/trippo/responsivefilemanager
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a50cac88ebcf8b469a189b1097758592c3807150
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "9.13.4"
        }
    ]
}

Affected versions

9.*
9.9
9.9.1
9.9.2
9.9.4
v.*
v.9.10.1
v9.*
v9.10.0
v9.10.1
v9.10.2
v9.11.0
v9.11.3
v9.12.0
v9.12.1
v9.12.2
v9.13.0
v9.13.1
v9.13.3
v9.9.3
v9.9.4
v9.9.5
v9.9.6
v9.9.7

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15536.json"