CVE-2017-1000170

Name of the Vulnerable Software and Affected Versions jqueryFileTree versions 2.1.5 and older

Description The issue is related to Directory Traversal. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. Technical details about exploitation include sending a request to the /js/jqueryfiletree-2.1.5/dist/connectors/jqueryFileTree.php endpoint with a dir parameter set to /, allowing an attacker to traverse directories.

Recommendations For jqueryFileTree versions 2.1.5 and older, as a temporary workaround, consider restricting access to the jqueryFileTree.php file until a patch is available. Avoid using the dir parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.