Bug #205

open

CVE-2016-4313: archive path traversal vulnerability in extplorer 2.1.9

Added by Emilio Pozuelo Monfort over 7 years ago. Updated about 2 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version:
eXtplorer Version: 2.1.4
Joomla! Version: Joomla! 3.1

Description

Hi,

I haven't found an issue or a fix for this on your site, so I'm forwarding this in case you weren't aware. There was an archive path traversal vulnerability. It has been assigned CVE-2016-4313. For more details see:

https://www.exploit-db.com/exploits/39816/


Files

CVE-2016-431.patch (1.3 KB) Chris Lamb, 08/09/2016 08:44 PM
Actions #1

Updated by Chris Lamb over 7 years ago

Suggested patch attached. I would use extpath::check but that unfortunately also checks whether the destination is outside of EXT_PATH.

Actions #2

Updated by Sören Eberhardt-Biermann about 7 years ago

  • Status changed from New to Resolved
  • Target version set to 2.1.10

Thanks for providing the report and the patch!
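
An added illustration, not the attached patch and not eXtplorer's own code: the kind of check comment #1 is after, one that confines each archive entry to the extraction directory rather than to EXT_PATH, can be done lexically before anything is written to disk. The function name, destination path and entry names below are hypothetical and constructed for the example.

```php
<?php
// Added example; hypothetical helper, not eXtplorer's extpath::check or the attached patch.

/**
 * Map an archive entry name onto $destDir without touching the filesystem.
 * Returns the target path, or null when the entry would land outside $destDir.
 */
function safe_extract_target(string $destDir, string $entryName): ?string
{
    // Empty names and NUL bytes are never legitimate entry names.
    if ($entryName === '' || strpos($entryName, "\0") !== false) {
        return null;
    }
    // Treat backslashes as separators so "..\x" is caught on every platform.
    $name = str_replace('\\', '/', $entryName);
    // Absolute paths and Windows drive prefixes ignore the destination entirely.
    if ($name[0] === '/' || preg_match('/^[A-Za-z]:/', $name) === 1) {
        return null;
    }
    $parts = [];
    foreach (explode('/', $name) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            // Climbing above the extraction root is the traversal case.
            if (count($parts) === 0) {
                return null;
            }
            array_pop($parts);
            continue;
        }
        $parts[] = $segment;
    }
    if (count($parts) === 0) {
        return null; // resolves to the destination directory itself
    }
    return rtrim($destDir, '/') . '/' . implode('/', $parts);
}

// Constructed entry names and destination, not taken from a real archive.
$dest = '/srv/files/unpacked';
$entries = ['docs/readme.txt', 'a/../b.txt', '../../outside.txt', '/tmp/abs.txt', '..\\..\\win.txt', 'C:/drive.txt'];
foreach ($entries as $entry) {
    $target = safe_extract_target($dest, $entry);
    printf("%-20s => %s\n", $entry, $target ?? 'REJECTED');
}
```

This is a lexical check only; archive entries that are symbolic links need separate handling.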
