2 matches found
CVE-2017-17793
Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...
CVE-2017-17793
BlogoText 3.7.6 and earlier: information-disclosure vulnerability in admin/maintenance.php at creer_fichier_zip. An attacker can defeat the filename-randomization protection by supplying archiv~1.zip (8.3 filename) and read backup archives on Windows servers. Root cause is a flaw in the randomiza...