Total Commander Client Side Directory Traversal Vulnerability

Bugtraq ID:	25581
Class:	Input Validation Error
CVE:	CVE-2007-4756
Remote:	Yes
Local:	No
Published:	Sep 06 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	Gynvael Coldwind is credited with the discovery of this vulnerability.
Vulnerable:	Total Commander Total Commander 7.01 Total Commander Total Commander 6.56 Total Commander Total Commander 0
Not Vulnerable:	Total Commander Total Commander 7.02

Total Commander Client Side Directory Traversal Vulnerability

Total Commander is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker can exploit this issue to upload a malicious file to an arbitrary location on the victim's computer.

This issue affects Total Commander 7.01; other versions may also be vulnerable.

Total Commander Client Side Directory Traversal Vulnerability

An attacker can exploit this issue by tricking an unsuspecting victim into uploading a malicious file.

Total Commander Client Side Directory Traversal Vulnerability

Solution:
The vendor has released Total Commander 7.02 to address this issue. Please contact the vendor for details on obtaining and applying the appropriate updates.

Total Commander Client Side Directory Traversal Vulnerability

References:

• 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal (Gynvael Coldwind)
  
• Total Commander 7.02 and 6.57 for Windows released! (Total Commander)
  
• Total Commander Homepage (Total Commander)
  
• [HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal (Gynvael Coldwind)