Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x prior to 3.2.5 and 4.0.x prior to 4.0.4 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ajaxplorer ajaxplorer 3.2.3 |
||
ajaxplorer ajaxplorer 3.2.2 |
||
ajaxplorer ajaxplorer 3.2.4 |
||
ajaxplorer ajaxplorer 3.2.1 |
||
ajaxplorer ajaxplorer 3.2 |
||
ajaxplorer ajaxplorer 4.0.3 |
||
ajaxplorer ajaxplorer 4.0.1 |
||
ajaxplorer ajaxplorer 4.0.2 |
||
ajaxplorer ajaxplorer 4.0 |