CVE-2020-10212

Published: Mar 7, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the PATH_INFO. Also, an attacker could create a DNS hostname that resolves to the 0.0.0.0 IP address for DNS pinning. NOTE: this issue exists because of an incomplete fix for CVE-2018-14728.

Affected (2)

Products: Tecrail: Responsive Filemanager

1 product

Responsive Filemanager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Tecrail Responsive Filemanager	Version 9.13.4
Tecrail Responsive Filemanager	Version 9.14.0

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://github.com/trippo/ResponsiveFilemanager/issues/598

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/trippo/ResponsiveFilemanager/issues/598

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.