OneCommander Directory Traversal Vulnerability Allowing Remote Code Execution
Vulnerability
A directory traversal vulnerability has been identified in OneCommander version 3.102.0.0. This issue arises from inadequate validation of file paths when extracting ZIP archives. As a result, an attacker could exploit this vulnerability to execute code in the context of the current user by placing malicious files in locations that trigger their execution, such as the user's Startup folder.
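The kind of path validation described as missing above, shown as an added example: this is not OneCommander's code or its fix, and the function names, destination folder and archive entry names are constructed for illustration. It resolves each ZIP entry name against the extraction folder using Windows path rules and rejects any entry that would land outside it.

```python
import io
import ntpath  # Windows path rules, usable on any OS
import zipfile

# Constructed sample entry names; none come from the advisory.
SAMPLE_NAMES = [
    "docs/readme.txt",
    "../outside.txt",
    "..\\..\\outside.txt",
    "C:\\Temp\\abs.txt",
]


def is_safe_entry(dest_root, entry_name):
    """True if entry_name, joined to dest_root, stays inside dest_root."""
    name = entry_name.replace("/", "\\")
    drive, _ = ntpath.splitdrive(name)
    if drive or name.startswith("\\"):
        return False  # absolute, drive-qualified or UNC entry
    root = ntpath.normpath(dest_root).rstrip("\\")
    target = ntpath.normpath(ntpath.join(root, name))
    # Compare with a trailing separator so C:\out2 does not match C:\out.
    return target.lower().startswith(root.lower() + "\\")


def audit_archive(zip_file, dest_root):
    """Return the entry names that would be written outside dest_root."""
    with zipfile.ZipFile(zip_file) as zf:
        return [n for n in zf.namelist() if not is_safe_entry(dest_root, n)]


def build_sample():
    """Build the constructed archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in SAMPLE_NAMES:
            zf.writestr(name, b"constructed sample data")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for bad in audit_archive(build_sample(), r"C:\Extract\out"):
        print("rejected:", bad)
```

An extractor applying this check would refuse the whole archive, or skip the rejected entries, before writing any file.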
Impact
Exploitation of this vulnerability allows for arbitrary code execution in the context of the user.
Remediation
Users can upgrade to OneCommander version 3.103.0.0 (Standalone) or 3.102.1 (Microsoft Store) to address this vulnerability.
Added: Nov 19, 2025, 9:17 PM
Updated: Nov 19, 2025, 9:17 PM
