Responsive Filemanager
Unrestricted file upload in Responsive FileManager 9.14.0 (and likely earlier) allows remote unauthenticated attackers to upload arbitrary files, including PHP scripts, via the dialog.php endpoint, leading directly to remote code execution on the hosting web server. The project is unmaintained at the time of CVE assignment, so no vendor patch is forthcoming. No public exploit is identified at the time of analysis, but the trivial nature of unrestricted file upload makes weaponization straightforward.