Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the file parameter in a (1) download or (2) get_content action, or (3) upload arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the dir parameter in an upload action.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N
Vendors Products
Ajaxplorer
  • Ajaxplorer

Configuration 1 [-]

OR cpe:2.3:a:ajaxplorer:ajaxplorer:*:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:2.5:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.0:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.1:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.2:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:4.0:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ajaxplorer:ajaxplorer:5.0.1:*:*:*:*:*:*:*
References
Link Resource
http://ajaxplorer.info/ajaxplorer-core-5-0-3/ Patch
http://osvdb.org/97022
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-027.txt Exploit
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:14:54

Updated: 2022-10-03T16:14:54

Reserved: 2022-10-03T00:00:00

Link: CVE-2013-5688

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2013-11-05T21:55:12.187

Modified: 2013-11-06T18:55:04.270

Link: CVE-2013-5688

JSON object: View

cve-icon Redhat Information

No data.

CWE