Description
Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Oriol Torrent Santiago · text · webapps · php
https://www.exploit-db.com/exploits/27097
References (8)
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/422158/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39982
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16263
Exploit, Vendor Advisory x_refsource_misc
http://www.arrelnet.com/advisories/adv20060116.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0232
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18518
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/353
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/421997/100/0/threaded
Scores
EPSS
0.1376
EPSS Percentile
94.3%
Details
Status
published
Products (1)
phpxplorer/phpxplorer
0.9.33
Published
Jan 18, 2006
Tracked Since
Feb 18, 2026