CVE-2013-5688

Ajaxplorer < 5.0.2 - Path Traversal

Title source: rule

Description

Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the file parameter in a (1) download or (2) get_content action, or (3) upload arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the dir parameter in an upload action.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/28191

View Code ZIP pw:eip

References (3)

[Patch] http://ajaxplorer.info/ajaxplorer-core-5-0-3/

[Exploit] https://www.trustwave.com/spiderlabs/advisories/TWSL2013-027.txt

[Third Party Advisory, VDB Entry] http://osvdb.org/97022

Scores

EPSS 0.0304

EPSS Percentile 86.7%

Details

CWE

CWE-22

Status published

Products (36)

ajaxplorer/ajaxplorer 2.3.3

ajaxplorer/ajaxplorer 2.3.4

ajaxplorer/ajaxplorer 2.5

ajaxplorer/ajaxplorer 2.5.4

ajaxplorer/ajaxplorer 2.5.5

ajaxplorer/ajaxplorer 2.6.0

ajaxplorer/ajaxplorer 2.7.1

ajaxplorer/ajaxplorer 2.7.2

ajaxplorer/ajaxplorer 2.7.3

ajaxplorer/ajaxplorer 3.0

... and 26 more

Published Nov 05, 2013

Tracked Since Feb 18, 2026