Project

General

Profile

Actions

Fehler #179

open

Users Home directory - security issue.

Added by Julianno Nogueira almost 10 years ago.

Status:
Neu
Priority:
Hoch
Assignee:
-
Category:
-
Target version:
-
eXtplorer Version:
2.1.4
Joomla! Version:
none

Description

Good Afternoon,

I have installed eXtplorer version 2.1.6 and I found an issue that I need your help in order to fix this security hole.

When the issue happen:
1 - Using an admin account, create a subfolder in the root folder (any name);
2 - Create a new user, and select his "Home directory" as the new created above;
3 - Now, delete de new created folder that was set to the new user (using admin account still)
4 - Login with the new user and get access to the entire public_html folder!

Are you able to help me to identify where can I insert a folder lookup for each user, and if that folder does not exist, set the User Home directory to some "custom" folder?

Thank you in advance.

No data to display

Actions

Also available in: Atom PDF