Path traversal in b2evolution

#VU39804 Path traversal in b2evolution

Published: 2017-01-23 | Updated: 2020-08-08

Vulnerability identifier: #VU39804

Vulnerability risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5539

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
b2evolution
Web applications / CMS

Vendor: b2evolution.net

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ../ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists.

Mitigation
Install update from vendor's website.

Vulnerable software versions

b2evolution: 6.8.4

External links
http://b2evolution.net/downloads/6-8-5
http://www.securityfocus.com/bid/95700
http://github.com/b2evolution/b2evolution/commit/e35f7c195d8c1103d2d981a48cda5ab45ecac48a
http://github.com/b2evolution/b2evolution/issues/36

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Path traversal in b2evolution.net b2evolution