Описание
A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| fusiondirectory | removed | package | ||
| fusiondirectory | postponed | bullseye | package |
Примечания
https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/commit/9edefd0b367450d665a141c5e94db8a06d208556
Связанные уязвимости
A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.
A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.
A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.