cnvd - cnvd-2018-20452

CNVD-2018-20452

Vulnerability from cnvd - Published: 2018-10-10

Title

Responsive Filemanager身份验证绕过漏洞

Description

Responsive FileManager是一款使用PHP语言编写的开源文件管理器，它支持视频、图像和其它文件的上传和管理。 Responsive Filemanager 9.8.1版本存在身份验证绕过漏洞，该漏洞允许攻击者访问文件管理界面，该界面允许更新，编辑和删除文件。

Severity

高

Formal description

目前没有详细的解决方案提供： https://www.responsivefilemanager.com/

Reference

https://seclists.org/fulldisclosure/2018/Oct/24

Impacted products

Name
tecrail Responsive FileManager 9.8.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-18061"
    }
  },
  "description": "Responsive FileManager\u662f\u4e00\u6b3e\u4f7f\u7528PHP\u8bed\u8a00\u7f16\u5199\u7684\u5f00\u6e90\u6587\u4ef6\u7ba1\u7406\u5668\uff0c\u5b83\u652f\u6301\u89c6\u9891\u3001\u56fe\u50cf\u548c\u5176\u5b83\u6587\u4ef6\u7684\u4e0a\u4f20\u548c\u7ba1\u7406\u3002\r\n\r\nResponsive Filemanager 9.8.1\u7248\u672c\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u653b\u51fb\u8005\u8bbf\u95ee\u6587\u4ef6\u7ba1\u7406\u754c\u9762\uff0c\u8be5\u754c\u9762\u5141\u8bb8\u66f4\u65b0\uff0c\u7f16\u8f91\u548c\u5220\u9664\u6587\u4ef6\u3002",
  "discovererName": "Yavuz Atlas of Biznet Bilisim",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttps://www.responsivefilemanager.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-20452",
  "openTime": "2018-10-10",
  "products": {
    "product": "tecrail Responsive FileManager 9.8.1"
  },
  "referenceLink": "https://seclists.org/fulldisclosure/2018/Oct/24",
  "serverity": "\u9ad8",
  "submitTime": "2018-10-10",
  "title": "Responsive Filemanager\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2018-18061 (GCVE-0-2018-18061)

Vulnerability from cvelistv5 – Published: 2018-10-10 21:00 – Updated: 2024-08-05 11:01

Summary

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://seclists.org/bugtraq/2018/Oct/25

mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:01:14.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20181009 Responsive Filemanager 9.8.1 Authentication Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2018/Oct/25"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20181009 Responsive Filemanager 9.8.1 Authentication Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2018/Oct/25"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-18061",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181009 Responsive Filemanager 9.8.1 Authentication Bypass",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2018/Oct/25"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-18061",
    "datePublished": "2018-10-10T21:00:00",
    "dateReserved": "2018-10-08T00:00:00",
    "dateUpdated": "2024-08-05T11:01:14.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-20452

CVE-2018-18061 (GCVE-0-2018-18061)

Tags

Sightings

Nomenclature