Description
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.
References
- Exploit, Mailing List, Third Party Advisory
- Exploit, Third Party Advisory, VDB Entry
- Exploit, Mailing List, Third Party Advisory
- Exploit, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: versions before 9.13.4 (exclusive)
cpe:2.3:a:tecrail:responsive_filemanager:*:*:*:*:*:*:*:*
EPSS: 0.06618 (Low), percentile: 91%
CVSS3: 5.5 Medium
CVSS2: 5.8 Medium
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 5.5
github
more than 3 years ago
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.