CVE-2018-15536

MEDIUM

tecrail Responsive FileManager < 9.13.4 - Path Traversal and Arbitrary File Write via Archive Extraction

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-15536. PoCs published by Simon Uvarov.

AI-analyzed exploit summary: This exploit demonstrates a path traversal vulnerability (CVE-2018-15536) in Responsive FileManager, allowing arbitrary file read and directory traversal during archive extraction. The PoC includes a base64-encoded ZIP file to exploit the ZipSlip vulnerability.

Description

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Simon Uvarov · text · webapps · php
https://www.exploit-db.com/exploits/45271

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Responsive FileManager < 9.13.4
Auth required
Prerequisites: Access to the target application · Valid session cookie
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
https://www.exploit-db.com/exploits/45271/ (Exploit, Third Party Advisory, VDB Entry; tags: exploit, x_refsource_exploit-db)
http://seclists.org/fulldisclosure/2018/Aug/34 (Exploit, Mailing List, Third Party Advisory; tags: mailing-list, x_refsource_fulldisc)

Scores

CVSS v3 5.5
EPSS 0.0641
EPSS Percentile 92.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE CWE-22
Status published
Products (1)
tecrail/responsive_filemanager < 9.13.4
Published Aug 24, 2018
Tracked Since Feb 18, 2026