PT-2013-4744 · Unknown · Easy File Manager

Published

2013-12-05

Updated

2017-08-29

CVE-2013-3921

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Easy File Manager version 1.1

Description A directory traversal issue allows remote attackers to read arbitrary files by providing a ..%2f (encoded dot dot slash) to the default URI.

Recommendations For Easy File Manager version 1.1, consider restricting access to the default URI until a patch is available. As a temporary workaround, avoid using the default URI with encoded dot dot slash sequences.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2013-3921

Affected Products

Easy File Manager

PT-2013-4744 · Unknown · Easy File Manager

CVE-2013-3921

Weakness Enumeration

Related Identifiers

Affected Products

References · 3