eXtplorer CVE-2016-4313 Local Directory Traversal Vulnerability



eXtplorer is prone to a local directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue using directory-traversal characters ('../') to access and write arbitrary files or to execute arbitrary files.

eXtplorer 2.1.9 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 98069
Class: Input Validation Error
CVE: CVE-2016-4313

Remote: No
Local: Yes
Published: Apr 24 2017 12:00AM
Updated: Apr 28 2017 04:10PM
Credit: John Page aka hyp3rlinx.
Vulnerable: eXtplorer eXtplorer 2.1.9


Not Vulnerable:

Exploit


The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.


References:

Related Posts