CVE-2017-20145

Summary

A vulnerability was found in Tecrail Responsive Filemanger up to 9.10.x and classified as critical. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.11.0 is able to address this issue. It is recommended to upgrade the affected component.

Affected Software

VendorProductVersion RangeStatus
TecrailResponsive Filemanger9.0affected
TecrailResponsive Filemanger9.1affected
TecrailResponsive Filemanger9.2affected
TecrailResponsive Filemanger9.3affected
TecrailResponsive Filemanger9.4affected
TecrailResponsive Filemanger9.5affected
TecrailResponsive Filemanger9.6affected
TecrailResponsive Filemanger9.7affected
TecrailResponsive Filemanger9.8affected
TecrailResponsive Filemanger9.9affected
TecrailResponsive Filemanger9.10affected

Weaknesses

  • CWE-22: CWE-22 Path Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References