What is CVE-2018-15535?

CVE-2018-15535 is a vulnerability in N/a. Published 2018-08-24.

Is CVE-2018-15535 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-15535

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that…

EPSS: 0.791 (99.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/kenzer-templates

References

45271 (exploit, x_refsource_EXPLOIT-DB)
20180821 RESPONSIVE filemanager (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2018-15535?: CVE-2018-15535 is a vulnerability in N/a. Published 2018-08-24.
Is CVE-2018-15535 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.