CVE-2017-17793

Published: Dec 20, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/BlogoText/blogotext/commit/101dc1d37010a1d877d6961ed2f32d089c708e91

x_refsource_CONFIRM

https://github.com/BlogoText/blogotext/issues/345

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-17793

Description

Affected Products

References