Fehler #205: CVE-2016-4313: archive path traversal vulnerability in extplorer 2.1.9 - eXtplorer - PHP-based File Manager - eXtplorer - a PHP-based File Manager

Actions

Copy link

Fehler #205

open

CVE-2016-4313: archive path traversal vulnerability in extplorer 2.1.9

Added by Emilio Pozuelo Monfort over 8 years ago. Updated almost 3 years ago.

Status:

Gelöst

Priority:

Normal

Assignee:

Category:

Target version:

2.1.10

eXtplorer Version:

2.1.4

Joomla! Version:

Joomla! 3.1

Description

Hi,

I haven't found an issue or a fix for this on your site, so I'm forwarding this in case you weren't aware. There was an archive path traversal vulnerability. It has been assigned CVE-2016-4313. For more details see:

https://www.exploit-db.com/exploits/39816/

Files

CVE-2016-431.patch (1.3 KB) CVE-2016-431.patch

Chris Lamb, 08/09/2016 08:44 PM

Actions

Copy link

Updated by Chris Lamb over 8 years ago

File CVE-2016-431.patch CVE-2016-431.patch added

Suggested patch attached. I would use

extpath::check

but that unfortunately also checks whether the destination is outside of

EXT_PATH

Actions

Copy link

Updated by Sören Eberhardt-Biermann almost 8 years ago

Status changed from Neu to Gelöst
Target version set to 2.1.10

thanks for providing the report and the patch!

Actions

Copy link

Updated by David samy almost 3 years ago

تحميل برنامج تشغيل الالعاب
برنامج تشغيل الفيديو

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

eXtplorer - PHP-based File Manager

Fehler #205

CVE-2016-4313: archive path traversal vulnerability in extplorer 2.1.9

Updated by Chris Lamb over 8 years ago

Updated by Sören Eberhardt-Biermann almost 8 years ago

Updated by David samy almost 3 years ago