Bug #205

CVE-2016-4313: archive path traversal vulnerability in extplorer 2.1.9

Added by Emilio Pozuelo Monfort 10 months ago. Updated 5 months ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version:
eXtplorer Version: 2.1.4
Joomla! Version: Joomla! 3.1

Description

Hi,

I haven't found an issue or a fix for this on your site, so I'm forwarding this in case you weren't aware. There was an archive path traversal vulnerability. It has been assigned CVE-2016-4313. For more details see:

https://www.exploit-db.com/exploits/39816/

CVE-2016-431.patch (1.3 KB) Chris Lamb, 08/09/2016 08:44 PM

History

#1 Updated by Chris Lamb 10 months ago

Suggested patch attached. I would use extpath::check but that unfortunately also checks whether the destination is outside of EXT_PATH.
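
An added illustration, not part of this ticket, the attached patch, or eXtplorer's code: one way to validate archive entry names against the extraction directory alone, without also requiring the destination to sit under an application root. The function name safe_entry_path and the sample paths are hypothetical.

```php
<?php
// Added example: not eXtplorer code and not the attached patch.
// Lexically resolve an archive entry name against the extraction directory
// and reject it if the result would land outside that directory.

function safe_entry_path(string $destDir, string $entryName): ?string
{
    // Normalise separators; archives created on Windows may use backslashes.
    $name = str_replace('\\', '/', $entryName);

    // Reject empty names, NUL bytes, absolute paths and drive-letter prefixes.
    if ($name === '' || strpos($name, "\0") !== false
        || $name[0] === '/' || preg_match('#^[A-Za-z]:#', $name)) {
        return null;
    }

    $parts = [];
    foreach (explode('/', $name) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;               // "a//b" and "a/./b" collapse
        }
        if ($segment === '..') {
            if (!$parts) {
                return null;        // would climb above the destination
            }
            array_pop($parts);
            continue;
        }
        $parts[] = $segment;
    }
    if (!$parts) {
        return null;                // entry resolves to the destination itself
    }
    return rtrim($destDir, '/') . '/' . implode('/', $parts);
}

// Constructed sample entry names, checked before anything is written to disk.
$dest = '/srv/files/unpacked';
$entries = ['docs/readme.txt', 'a/../b.txt', '../../etc/cron.d/job',
            '/etc/passwd', 'a/../../escape.txt', 'C:\\temp\\x.txt'];
foreach ($entries as $e) {
    $target = safe_entry_path($dest, $e);
    printf("%-24s => %s\n", $e, $target ?? 'REJECTED');
}
```

The check is purely lexical, so it does not touch the filesystem; archive formats that can carry symlink entries need those handled separately.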

#2 Updated by Sören Eberhardt-Biermann 5 months ago

  • Status changed from New to Resolved
  • Target version set to 2.1.10

Thanks for providing the report and the patch!
