CVE-2020-10567

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-10567
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10567.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-10567
Published
2020-03-14T14:15:11.310Z
Modified
2026-03-14T09:47:52.291082Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Responsive Filemanager through 9.14.0. In the ajaxcalls.php file in the saveimg action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.)

References

Affected packages

Git / github.com/trippo/responsivefilemanager

Affected ranges

Type
GIT
Repo
https://github.com/trippo/responsivefilemanager
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d5572d2c645c9eebf0a9fcb9f3e6d23722d454f4
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.14.0"
        }
    ]
}

Affected versions

9.*
9.9
9.9.1
9.9.2
9.9.4
v.*
v.9.10.1
v9.*
v9.10.0
v9.10.1
v9.10.2
v9.11.0
v9.11.3
v9.12.0
v9.12.1
v9.12.2
v9.13.0
v9.13.1
v9.13.3
v9.13.4
v9.14.0
v9.9.3
v9.9.4
v9.9.5
v9.9.6
v9.9.7

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10567.json"