Debian Security Advisory

DLA-596-1 extplorer -- LTS security update

Date Reported: 15 Aug 2016
Affected Packages: extplorer
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2016-4313.
More information:

It was discovered that there was an archive traversal vulnerability in eXtplorer, a web-based file manager.

The unzip/extract feature allowed path traversal: decompressed files could be placed outside of the intended target directory if the archive content contained "../" sequences.

For Debian 7 Wheezy, this issue has been fixed in extplorer version 2.1.0b6+dfsg.3-4+deb7u4.

We recommend that you upgrade your extplorer packages.
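
The class of check that closes this kind of extraction bug, as an added example (not eXtplorer's code and not the Debian patch): resolve each entry name against the target directory before extracting and refuse the archive if any entry lands outside it. The function names, the sample entry names and the `/srv/demo/uploads` path are constructed for illustration.

```python
import io
import os
import zipfile


def escaping_entries(archive, target_dir):
    """Return entry names that would resolve outside target_dir if extracted."""
    root = os.path.realpath(target_dir)
    bad = []
    with zipfile.ZipFile(archive) as zf:
        for name in zf.namelist():
            # Treat backslashes as separators too; some tools write them.
            dest = os.path.realpath(os.path.join(root, name.replace("\\", "/")))
            if os.path.commonpath([root, dest]) != root:
                bad.append(name)
    return bad


def extract_checked(archive, target_dir):
    """Extract only if every entry stays inside target_dir; otherwise raise."""
    bad = escaping_entries(archive, target_dir)
    if bad:
        raise ValueError(f"refusing to extract, entries escape target: {bad}")
    with zipfile.ZipFile(archive) as zf:
        zf.extractall(target_dir)


def build_sample(names):
    """Build a constructed in-memory zip with the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample\n")
    return buf.getvalue()


# Constructed entry names: two stay inside the target, two climb out of it.
SAMPLE_NAMES = ["docs/readme.txt", "docs/../notes.txt",
                "../outside.txt", "img/../../escape.txt"]


def check_sample(target="/srv/demo/uploads"):
    """Run the check over the constructed archive (hypothetical target path)."""
    return escaping_entries(io.BytesIO(build_sample(SAMPLE_NAMES)), target)


if __name__ == "__main__":
    print(check_sample())
```

Note that `docs/../notes.txt` contains "../" but still resolves inside the target, so the check is on the resolved destination rather than on the substring.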