CVE-2018-20789

HIGH

tecrail Responsive FileManager 9.13.4 - Path Traversal & Directory Deletion via execute.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-20789. PoCs published by Fariskhi Vidyan.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Responsive FileManager 9.13.4, including arbitrary file read, write, and deletion via path traversal, as well as persistent XSS. It provides functional cURL commands to exploit these vulnerabilities.

Description

tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.

Exploits (1)

exploitdb WORKING POC
by Fariskhi Vidyan · textwebappsphp
https://www.exploit-db.com/exploits/45987

The exploit demonstrates multiple vulnerabilities in Responsive FileManager 9.13.4, including arbitrary file read, write, and deletion via path traversal, as well as persistent XSS. It provides functional cURL commands to exploit these vulnerabilities.

Classification
Working Poc 100%
Attack Type
Info Leak | Xss | Other
Complexity
Trivial
Reliability
Reliable
Target: Responsive FileManager 9.13.4
Auth required
Prerequisites: Valid PHPSESSID cookie · Access to the target application
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45987

Scores

CVSS v3 7.5
EPSS 0.0363
EPSS Percentile 88.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-22
Status published
Products (1)
tecrail/responsive_filemanager 9.13.4
Published Feb 25, 2019
Tracked Since Feb 18, 2026