dhtmlxFileExplorer Directory Traversal Vulnerability Allowing Access to Sensitive Information
Vulnerability
A directory traversal vulnerability has been identified in dhtmlxFileExplorer version 8.4.6. This vulnerability allows remote attackers to access sensitive information by exploiting the File Listing function. The issue arises from improper validation of file paths, enabling unauthorized access to system files through path traversal attacks.
Impact
Exploitation of this vulnerability allows unauthorized access to sensitive files on the server.
Reproduction
To reproduce this vulnerability, send a GET request to the File Listing function while including a crafted file path that traverses directories (e.g., using '../' sequences) to access sensitive system folders. The request must be made with the appropriate headers to mimic a standard browser request.
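The root cause named above, improper validation of the requested file path, is closed on the server by resolving the path and checking that the result still lies inside the listing root. The following is an added example, not dhtmlx code and not part of the original advisory; the Node.js backend, the function name `resolveListingPath`, and the temporary directory tree are assumptions constructed for the demonstration.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Map a client-supplied listing path onto a directory under rootDir.
// Returns the absolute directory to list, or null when the request is rejected.
// `requested` is expected exactly as the web framework decoded it (decoded once).
function resolveListingPath(rootDir, requested) {
  if (typeof requested !== 'string' || requested.includes('\0')) return null;
  const root = fs.realpathSync(rootDir);
  // Treat '\' as a separator too, and anchor the path under root so that an
  // absolute value such as '/etc' cannot replace the root.
  const candidate = path.resolve(root, './' + requested.replace(/\\/g, '/'));
  let real;
  try {
    real = fs.realpathSync(candidate); // follows symlinks; throws if missing
  } catch {
    return null;
  }
  // Compare by path component, not by string prefix: '/srv/files-private'
  // starts with '/srv/files' but is not inside it.
  const rel = path.relative(root, real);
  const outside = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  if (outside || !fs.statSync(real).isDirectory()) return null;
  return real;
}

// Constructed directory tree for the demonstration (not from the advisory).
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'listing-'));
  const root = path.join(base, 'files');
  fs.mkdirSync(path.join(root, 'docs'), { recursive: true });
  fs.mkdirSync(path.join(base, 'files-private'));
  fs.symlinkSync(path.join(base, 'files-private'), path.join(root, 'link'));
  const check = (p) => resolveListingPath(root, p) !== null;
  const results = {
    subdir: check('docs'),
    rootItself: check(''),
    dotDot: check('docs/../../files-private'),
    backslash: check('..\\files-private'),
    absolute: check(path.join(base, 'files-private')),
    symlink: check('link'),
  };
  fs.rmSync(base, { recursive: true, force: true });
  return results;
}

console.log(demo());
```

Only the two paths inside the root are accepted; the sibling directory is refused whether it is reached by `../`, by backslashes, by an absolute path, or through a symlink.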
