CVE-2022-46604

HIGH EXPLOITED

Tecrail Responsive FileManager <9.9.5 - Code Injection


Exploitation Summary

CVE-2022-46604 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Galoget Latorre, galoget, CyberQuestor-infosec.

AI-analyzed exploit summary: This exploit leverages a file creation extension bypass vulnerability in Responsive FileManager 9.9.5 to upload a PHP webshell, enabling remote code execution (RCE). It interacts with the webshell to execute arbitrary commands on the target system.

Description

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Galoget Latorre · python · webapps · php
https://www.exploit-db.com/exploits/51251

This exploit leverages a file creation extension bypass vulnerability in Responsive FileManager 9.9.5 to upload a PHP webshell, enabling remote code execution (RCE). It interacts with the webshell to execute arbitrary commands on the target system.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Responsive FileManager 9.9.5
No auth needed
Prerequisites: Target must be running Responsive FileManager 9.9.5 · Network access to the target
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 6 stars
by galoget · remote
https://github.com/galoget/ResponsiveFileManager-CVE-2022-46604

This is a Python-based exploit for CVE-2022-46604, which bypasses file creation extensions in Responsive FileManager ≤ 9.9.5 to achieve remote code execution (RCE) via a webshell upload. The exploit automates the process of obtaining a session, creating a malicious PHP file, and interacting with the webshell.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Responsive FileManager ≤ 9.9.5
No auth needed
Prerequisites: Target must have Responsive FileManager ≤ 9.9.5 installed and accessible · Network access to the target's filemanager endpoints
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by CyberQuestor-infosec · infoleak
https://github.com/CyberQuestor-infosec/CVE-2022-46604-Responsive-File-Manager

This repository contains a Python-based exploit for CVE-2022-46604, a directory traversal vulnerability in Responsive File Manager 9.13.4. The exploit automates the process of copying and pasting files to leak sensitive data via path traversal.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Responsive File Manager 9.13.4
No auth needed
Prerequisites: Target running Responsive File Manager 9.13.4 · Network access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 8.8
EPSS: 0.0863
EPSS Percentile: 94.4%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

VulnCheck KEV: 2025-06-07
CWE: CWE-434
Status: published
Products (1): tecrail/responsive_filemanager < 9.9.5
Published: Feb 02, 2023
Tracked Since: Feb 18, 2026