TYPO3 eXtplorer Extension Unspecified Directory Traversal Vulnerability

Bugtraq ID:	52164
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 23 2012 12:00AM
Updated:	Feb 23 2012 12:00AM
Credit:	Chris John Riley
Vulnerable:	Typo3 eXtplorer 0.0.2
Not Vulnerable:

TYPO3 eXtplorer Extension Unspecified Directory Traversal Vulnerability

TYPO3 eXtplorer Extension is prone to an unspecified directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application.

Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.

TYPO3 eXtplorer 0.0.2 is vulnerable; other versions may also be affected.

TYPO3 eXtplorer Extension Unspecified Directory Traversal Vulnerability

Attackers can exploit this issue with a web browser or readily available tools.

TYPO3 eXtplorer Extension Unspecified Directory Traversal Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

TYPO3 eXtplorer Extension Unspecified Directory Traversal Vulnerability

References:

• Synnefoims Homepage (synnefoims)
  
• TYPO3 Security Bulletin TYPO3-EXT-SA-2012-003: Several vulnerabilities in third (TYPO3)