Path Traversal

froxlor/froxlor is vulnerable to Path Traversal. The vulnerability exists due to a lack of file path validation in adminautoupdate.php, which allows an attacker to access files outside the expected directory and read arbitrary files through relative paths such as \..filename...

File Path Traversal Vulnerability

Description in the file adminautoupdate.php php elseif $page == 'extract' if isset$POST'send' && $POST'send' == 'send' $toExtract = isset$POST'archive' ? $POST'archive' : null; $localArchive = Froxlor::getInstallDir . '/updates/' . $toExtract; $log-logActionFroxlorLogger::ADMACTION, LOGNOTICE,...