CVE-2017-17793

Name of the Vulnerable Software and Affected Versions BlogoText versions prior to 3.7.7

Description The issue allows remote attackers to read backup archives on Windows servers by defeating a filename-randomization protection mechanism. This can be achieved by providing the archiv~1.zip name, which is an 8.3 filename, to the creer fichier zip function in admin/maintenance.php.

Recommendations For versions prior to 3.7.7, update to version 3.7.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/maintenance.php file to minimize the risk of exploitation. Avoid using the archiv~1.zip filename in the affected creer fichier zip function until the issue is resolved.