
AjaXplorer < 2.6 Multiple Vulnerabilities

High

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting AjaXplorer, a web-based file management application. The installed version is earlier than 2.6. Such versions are potentially affected by multiple vulnerabilities:

- A command-injection vulnerability via the 'destserver' parameter of the 'plugins/access.ssh/checkInstall.php' script.

- Unspecified input is not properly validated before being used to read files.

Solution

Upgrade to AjaXplorer 2.6 or later.