Project

General

Profile

Fehler #179

Users Home directory - security issue.

Added by Julianno Nogueira over 8 years ago.

Status:
Neu
Priority:
Hoch
Assignee:
-
Category:
-
Target version:
-
eXtplorer Version:
2.1.4
Joomla! Version:
none

Description

Good Afternoon,

I have installed eXtplorer version 2.1.6 and I found an issue that I need your help in order to fix this security hole.

When the issue happen:
1 - Using an admin account, create a subfolder in the root folder (any name);
2 - Create a new user, and select his "Home directory" as the new created above;
3 - Now, delete de new created folder that was set to the new user (using admin account still)
4 - Login with the new user and get access to the entire public_html folder!

Are you able to help me to identify where can I insert a folder lookup for each user, and if that folder does not exist, set the User Home directory to some "custom" folder?

Thank you in advance.

Also available in: Atom PDF