Information Disclosure Vulnerability in BlogoText Allows Reading Backup Archives on Windows Servers

Information Disclosure Vulnerability in BlogoText Allows Reading Backup Archives on Windows Servers

CVE-2017-17793 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename).

Learn more about our Cis Benchmark Audit For Server Software.