Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText up to and including 3.7.6 allows remote malicious users to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
blogotext project blogotext |