Debian Security Advisory
DLA-596-1 extplorer -- LTS security update
- Date Reported:
- 15 Aug 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-4313.
- More information:
It was discovered that there was an archive traversal exploit in eXtplorer, a web-based file manager.
The unzip/extract feature allowed for path traversal as decompressed files can be placed outside of the intended target directory if the archive content contained "../" characters.
For Debian 7
Wheezy, this issue has been fixed in extplorer version 2.1.0b6+dfsg.3-4+deb7u4.
We recommend that you upgrade your extplorer packages.