CVE-2018-20795

HIGH

tecrail Responsive FileManager 9.13.4 - Path Traversal via Path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-20795. PoCs published by Fariskhi Vidyan.

AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in Responsive FileManager 9.13.4, including arbitrary file read, write, and deletion via path traversal, as well as persistent XSS. It provides functional cURL commands to exploit these vulnerabilities.

Description

tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.

Exploits (1)

exploitdb WORKING POC
by Fariskhi Vidyan · text · webapps · php
https://www.exploit-db.com/exploits/45987

Classification: Working PoC 100%
Attack Type: Info Leak | XSS | Other
Complexity: Trivial
Reliability: Reliable
Target: Responsive FileManager 9.13.4
Auth required
Prerequisites: Valid PHPSESSID cookie · Access to the target application
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45987

Scores

CVSS v3 7.5
EPSS 0.0346
EPSS Percentile 87.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-22
Status published
Products (1)
tecrail/responsive_filemanager 9.13.4
Published Feb 25, 2019
Tracked Since Feb 18, 2026