Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a substring of the web root directory name.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dev-editor | Dev-editor | 2.0 (including) | 2.0 (including) |
| Dev-editor | Dev-editor | 2.1 (including) | 2.1 (including) |
| Dev-editor | Dev-editor | 2.1a (including) | 2.1a (including) |
| Dev-editor | Dev-editor | 2.2a (including) | 2.2a (including) |
| Dev-editor | Dev-editor | 2.3 (including) | 2.3 (including) |
| Dev-editor | Dev-editor | 2.3.1 (including) | 2.3.1 (including) |
| Dev-editor | Dev-editor | 2.3.2 (including) | 2.3.2 (including) |
| Dev-editor | Dev-editor | 3.0 (including) | 3.0 (including) |
References
- http://devedit.sourceforge.net/changelog.shtml
- http://secunia.com/advisories/17537/
- http://www.securityfocus.com/bid/15393
- http://www.vupen.com/english/advisories/2005/2389
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23057
- http://devedit.sourceforge.net/changelog.shtml
- http://secunia.com/advisories/17537/
- http://www.securityfocus.com/bid/15393
- http://www.vupen.com/english/advisories/2005/2389
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23057