CVE-2018-14728

CRITICAL NUCLEI

Responsive FileManager 9.13.1 - SSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-14728. PoCs published by GUIA BRAHIM FOUAD. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a Server-Side Request Forgery (SSRF) vulnerability in Responsive Filemanager 9.13.1. It uses curl commands to exploit the vulnerability by making requests to internal files, a gopher protocol for SMTP interaction, and an OpenStack metadata endpoint.

Description

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.

Exploits (1)

exploitdb WORKING POC
by GUIA BRAHIM FOUAD · textwebappslinux
https://www.exploit-db.com/exploits/45103

This exploit demonstrates a Server-Side Request Forgery (SSRF) vulnerability in Responsive Filemanager 9.13.1. It uses curl commands to exploit the vulnerability by making requests to internal files, a gopher protocol for SMTP interaction, and an OpenStack metadata endpoint.

Classification
Working Poc 100%
Attack Type
Ssrf
Complexity
Trivial
Reliability
Reliable
Target: Responsive Filemanager 9.13.1
No auth needed
Prerequisites: Access to the target server's filemanager/upload.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Responsive filemanager 9.13.1 Server-Side Request Forgery
CRITICALby madrobot

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45103/

Scores

CVSS v3 9.8
EPSS 0.7651
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-918
Status published
Products (1)
tecrail/responsive_filemanager 9.13.1
Published Aug 03, 2018
Tracked Since Feb 18, 2026