Information Disclosure Vulnerability in BlogoText Allows Reading Backup Archives on Windows Servers
CVE-2017-17793 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename).
Learn more about our Cis Benchmark Audit For Server Software.