Responsive Filemanager 9.8.1 Authentication Bypass

Responsive Filemanager version 9.8.1 suffers from an authentication bypass vulnerability.


MD5 | 2968e7e3127dac8103c96182e7b5ce30

I. VULNERABILITY
-------------------------
Responsive Filemanager 9.8.1 Authentication Bypass

II. CVE REFERENCE
-------------------------
CVE-2018-18061

III. VENDOR
-------------------------
https://www.responsivefilemanager.com

IV. REFERENCES
-------------------------
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-18061

V. CREDIT
-------------------------
Yavuz Atlas of Biznet Bilisim
http://www.biznet.com.tr/biznet-guvenlik-duyurulari

VI. DESCRIPTION
-------------------------
Responsive Filemanager version 9.8.1 allows remote attackers to bypass
authentication. The vulnerability allows attackers to access file
management interface which gives permission to updload, edit and
delete files.

VII. PROOF OF CONCEPT
-------------------------
http://localhost/filemanager/dialog.php is forbidden. But any value
with secretkey parameter bypass this restriction.

http://localhost/filemanager/dialog.php?secretkey=anything

Related Posts