## https://sploitus.com/exploit?id=0C46CBD1-E3AD-567E-86B8-27EADF97D7BD
# CVE-2022-46604 – Responsive File Manager

> โš ๏ธ **Disclaimer**  
This repository is intended strictly for educational and research purposes only.  
The information and code provided here can be used in controlled environments such as private lab machines.

**Unauthorized use of this code against systems you do not own or have explicit permission to test is illegal and unethical.**  
The author is not responsible for any misuse or damage resulting from this material.

---

## ๐Ÿ” About the Vulnerability

**CVE-2022-46604** is a vulnerability found in **Responsive File Manager**, a file management plugin often integrated into web applications and content management systems. The vulnerability exists in **version 9.13.4**, where insufficient input validation of the `path` parameter allows unauthenticated users to perform **directory traversal** and access sensitive files on the server.

According to the [National Vulnerability Database (NVD)](https://nvd.nist.gov/vuln/detail/CVE-2022-46604), the issue has a **CVSS v3 base score of 7.5** (High), as it enables unauthorized access to files outside the intended web directory. Successful exploitation can lead to the exposure of configuration files, credentials, or other sensitive data.
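
As an added illustration (not code from this repository or from the plugin), the following Python models the defect class described above: a caller-controlled `path` value joined onto a base directory and used as-is, next to a hardened resolver that decodes, normalises and verifies that the result stays under the base directory. The base directory, file names and encoded inputs are constructed for the example; it is a generic model of the weakness, not the plugin's PHP code.

```python
import posixpath
from urllib.parse import unquote

# Constructed example: the directory the file manager is meant to serve from.
# The path is an assumption for illustration, not taken from the plugin.
BASE_DIR = "/var/www/html/filemanager/source"


def unsafe_resolve(base_dir: str, user_path: str) -> str:
    """The vulnerable pattern: the caller-controlled `path` is joined onto the
    base directory and used as-is, so '..' segments walk out of base_dir and an
    absolute path replaces base_dir entirely."""
    return posixpath.normpath(posixpath.join(base_dir, user_path))


def safe_resolve(base_dir: str, user_path: str) -> str:
    """Hardened version: decode, normalise, then require the result to stay
    inside base_dir. Raises ValueError for anything that escapes."""
    # Decode twice: frameworks usually decode once, and a second pass also
    # catches double-encoded input such as %252e%252e%252f ("../").
    decoded = unquote(unquote(user_path))
    # NUL bytes can truncate the path inside C-backed file APIs; refuse them.
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    # Treat backslashes as separators too, so 'a\..\b' normalises like 'a/../b'.
    decoded = decoded.replace("\\", "/")
    # Drop leading slashes so an absolute path cannot replace base_dir in join().
    relative = decoded.lstrip("/")
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, relative))
    # Containment check: candidate must be base_dir itself or live beneath it.
    if candidate != base and not candidate.startswith(base + "/"):
        raise ValueError(f"path traversal rejected: {user_path!r}")
    return candidate


def is_contained(base_dir: str, user_path: str) -> bool:
    """Boolean form of safe_resolve, convenient for request filters and tests."""
    try:
        safe_resolve(base_dir, user_path)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for requested in ("images/logo.png", "../../../../../etc/passwd", "/etc/passwd"):
        safe = safe_resolve(BASE_DIR, requested) if is_contained(BASE_DIR, requested) else "REJECTED"
        print(f"{requested!r:32} unsafe -> {unsafe_resolve(BASE_DIR, requested)}")
        print(f"{'':32} safe   -> {safe}")
```

`posixpath` is used so the check is pure string logic and runs without touching the filesystem; on a live server, also pass both paths through `os.path.realpath` so that a symlink inside the base directory cannot point outside it.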

### 📚 References

- [NVD – CVE-2022-46604](https://nvd.nist.gov/vuln/detail/CVE-2022-46604)  
- [ExploitDB Entry – 49359](https://www.exploit-db.com/exploits/49359)  
- [Responsive File Manager Official Site](https://www.responsivefilemanager.com/)

---

## 🛠 Exploit Overview

This repository includes a **modified version** of the public exploit from ExploitDB (ID 49359) to enhance its usability.

### What Was Modified

- The original script was updated to automatically retrieve the **PHPSESSID** cookie if available in the HTTP response.
- If automatic retrieval fails, the script allows users to manually input the session cookie to proceed.
- The output was cleaned up and made more readable for better demonstration and testing purposes.

---

## 🚀 Demonstration

Target File Manager Interface:  
`http://[URL]/filemanager/`

### Interface Screenshot  
![File Manager](./img/file_manager.png)

### Version Screenshot  
![Version Info](./img/file_manager_version.png)

---

## 🧪 Exploit Usage

Save the exploit script as `exploit.py` and run it with the following syntax:

```bash
python3 exploit.py [URL] [path]

# Example:
python3 exploit.py http://192.168.117.145 /etc/passwd
```

![Exploit Output](./img/output.png)
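
From the defender's side, the request pattern described above leaves a footprint in the web server's access log: a GET to the file manager whose `path` query parameter carries `..` segments, possibly percent-encoded once or twice. The following Python is an added example, not part of this repository; the log lines are constructed, and the script name `ajax_calls.php`, the client addresses and the timestamps are assumptions, while the `/filemanager/` directory and the `path` parameter come from the write-up.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access log in Apache/nginx "combined" format. The
# /filemanager/ directory and the `path` parameter come from the write-up; the
# script name ajax_calls.php, the IPs and the timestamps are assumed.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2023:10:01:02 +0000] "GET /filemanager/dialog.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2023:10:01:07 +0000] "GET /filemanager/ajax_calls.php?action=get_file&path=images/logo.png HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2023:10:01:09 +0000] "GET /filemanager/ajax_calls.php?action=get_file&path=../../../../../etc/passwd HTTP/1.1" 200 1331 "-" "python-requests/2.28"
10.0.0.9 - - [12/Mar/2023:10:01:10 +0000] "GET /filemanager/ajax_calls.php?action=get_file&path=%2e%2e%2f%2e%2e%2fconfig.php HTTP/1.1" 403 199 "-" "python-requests/2.28"
10.0.0.7 - - [12/Mar/2023:10:02:00 +0000] "GET /index.php?page=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 404 0 "-" "curl/7.88"
"""

# The fields of the combined log format that the detector needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so that
    double-encoded sequences like %252e%252e%252f are seen as '../'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value: str) -> bool:
    """True when a parameter value tries to leave its base directory."""
    decoded = fully_decode(value).replace("\\", "/")
    return (
        ".." in decoded.split("/")   # a '..' path segment
        or decoded.startswith("/")   # an absolute path
        or "\x00" in decoded         # NUL truncation
    )


def detect_traversal(log_text: str) -> list[dict]:
    """Scan access-log lines and report query parameters carrying traversal."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["uri"])
        # parse_qs already decodes once; keep blank values so empty params still appear.
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            for value in values:
                if not is_traversal(value):
                    continue
                status = int(m["status"])
                findings.append({
                    "ip": m["ip"],
                    "timestamp": m["ts"],
                    "endpoint": parts.path,
                    "in_filemanager": parts.path.startswith("/filemanager/"),
                    "param": name,
                    "value": fully_decode(value),
                    "status": status,
                    # A 2xx on a traversal request means the server served something.
                    "likely_success": 200 <= status < 300,
                })
    return findings


if __name__ == "__main__":
    for f in detect_traversal(SAMPLE_LOG):
        verdict = "SERVED" if f["likely_success"] else "blocked/missing"
        print(f'{f["timestamp"]} {f["ip"]} {f["endpoint"]} '
              f'{f["param"]}={f["value"]!r} -> {f["status"]} ({verdict})')
```

Only 2xx responses to flagged requests are marked as likely successes, which separates a scanner hitting a patched instance from a request that actually returned file contents; the decoding loop is bounded so a pathological value cannot stall the parser.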

Check out the detailed walkthrough and theory on my Medium post:  
👉 [Read the blog on Medium](https://medium.com/cyberquestor/๏ธ-cve-2022-46604-exploring-a-path-traversal-vulnerability-in-responsive-file-manager-50d7ab5826ad)