Directory Traversal
Description
Activity
Show:
Samuel Kong July 3, 2012 at 4:39 AM
The code for this ticket was committed under .
Fixed
Details
Assignee
SE SupportSE SupportReporter
Samuel KongSamuel Kong(Deactivated)Components
Affects versions
Priority
Medium
Details
Details
Assignee
SE SupportReporter
Samuel KongComponents
Affects versions
Priority
MediumZendesk Support
Linked Tickets
Zendesk Support
Linked Tickets
Zendesk Support
Linked Tickets
Created July 3, 2012 at 2:20 AM
Updated June 24, 2023 at 4:00 PM
Resolved July 3, 2012 at 2:22 AM
6.1.X
Servers using the FileSystemStore (default) or the AdvancedFileSystemStore to persist documents in the document library (dl.store.impl in portal.properties) are vulnerable to a directory traversal attacks. By manipulating the URL in the Message Boards, Wiki, or Knowledge Base portlet, an attacker can access any file on the server.
6.0.X
Servers using the FileSystemHook (default) or the AdvancedFileSystemHook to persist documents in the document library (dl.hook.impl in portal.properties) are vulnerable to a directory traversal attacks. By manipulating the URL in the Message Boards, Wiki, or Knowledge Base portlet, an attacker can access any file on the server.