#VU4748 Directory traversal in b2evolution


Published: 2017-01-16 | Updated: 2017-01-16

Vulnerability identifier: #VU4748

Vulnerability risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5480

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
b2evolution
Web applications / CMS

Vendor: b2evolution.net

Description

The vulnerability allows a remote attacker to view arbitrary files on a vulnerable system.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the "fm_selected" array parameter to the "inc/files/files.ctrl.php" script. A remote authenticated attacker can use directory traversal sequences (e.g. ../) to view the contents of arbitrary files on a vulnerable system.

Successful exploitation of the vulnerability may allow an attacker to obtain sensitive and system information.
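
The kind of check whose absence the description refers to, as an added example (not b2evolution's code and not the fix from the linked commit): each entry of a user-supplied selection array is canonicalized and must stay under a fixed root. The function name, `$root` and the demo files are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not b2evolution code. Function name and $root are hypothetical.
// Resolves each user-selected name against a fixed root; rejects any escape.
function resolve_selected_files(string $root, $selected): array
{
    $rootReal = realpath($root);
    if ($rootReal === false || !is_dir($rootReal)) {
        throw new RuntimeException('File root does not exist');
    }
    $rootPrefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    if (!is_array($selected)) {
        throw new InvalidArgumentException('Selection must be an array');
    }
    $resolved = [];
    foreach ($selected as $name) {
        // Nested arrays, empty strings and NUL bytes are never valid names.
        if (!is_string($name) || $name === '' || strpos($name, "\0") !== false) {
            throw new InvalidArgumentException('Invalid entry in selection');
        }
        // realpath() collapses ../ and resolves symlinks; false = no such file.
        $real = realpath($rootPrefix . $name);
        if ($real === false) {
            throw new InvalidArgumentException('Selected file not found');
        }
        // Prefix includes the trailing separator, so a sibling such as
        // /srv/media-old cannot pass as being inside /srv/media.
        if (strncmp($real, $rootPrefix, strlen($rootPrefix)) !== 0) {
            throw new InvalidArgumentException('Selected path is outside the file root');
        }
        $resolved[] = $real;
    }
    return $resolved;
}

// Constructed demo: a temporary root with one file and a sibling file outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fm_demo_' . bin2hex(random_bytes(4));
mkdir($root);
file_put_contents($root . DIRECTORY_SEPARATOR . 'report.txt', 'inside');
file_put_contents($root . '_outside.txt', 'outside');

print_r(resolve_selected_files($root, ['report.txt']));
try {
    resolve_selected_files($root, ['../' . basename($root) . '_outside.txt']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Validating the resolved path rather than filtering "../" from the input avoids bypasses through encoded or nested sequences and through symlinks inside the root.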

Mitigation
Install the update from the Git repository.

Vulnerable software versions

b2evolution: 6.8.1 - 6.8.3


External links
http://github.com/b2evolution/b2evolution/issues/35
http://github.com/b2evolution/b2evolution/commit/26841d9c81f27ad23b2f6e4bd5eaec7f2f58dfe0


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

