Bypass vulnerability in directory traversal patch (CVE-2017-5480) allows unauthorized file access and deletion

Bypass vulnerability in directory traversal patch (CVE-2017-5480) allows unauthorized file access and deletion

CVE-2017-5539 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:P/A:P

The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists.

Learn more about our Cis Benchmark Audit For Server Software.