WEB APPLICATION VULNERABILITIES Standard & Premium

b2evolution Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-5539)

Description

The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists.

Remediation

References

Related Vulnerabilities

WordPress Plugin MyPixs Local File Inclusion (0.3)

Oracle JRE CVE-2013-2420 Vulnerability (CVE-2013-2420)

WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)

Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19745)

WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-14719)

Severity

Critical

Classification

CVE-2017-5539 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities