Debian Security Advisory

DLA-596-1 extplorer -- LTS security update

Date Reported:
15 Aug 2016
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2016-4313.
More information:

It was discovered that there was an archive traversal exploit in eXtplorer, a web-based file manager.

The unzip/extract feature allowed for path traversal as decompressed files can be placed outside of the intended target directory if the archive content contained "../" characters.

For Debian 7 Wheezy, this issue has been fixed in extplorer version 2.1.0b6+dfsg.3-4+deb7u4.

We recommend that you upgrade your extplorer packages.