N/A

Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root

N/A

N/A

phpXplorer Workspaces.PHP目录遍历漏洞

** 有争议 ** phpXplorer 0.9.33的workspaces.php中的目录遍历漏洞，可让远程攻击者通过sShare参数中的..(两点)和结尾的空字节(%00)包含任意文件。注意：后续发布的信息声称这不是漏洞，因为phpXplorer的功能支持上传PHP文件，既然PHP功能支持Web根目录范围之外的读访问权，因此不会跨越特权边界。

N/A

N/A