CVE-2013-1641

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
26/10/2014
Last modified:
12/04/2025

Description

Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems[] parameter in a download_selected action to index.php.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:quixplorer:quixplorer:*:*:*:*:*:*:*:* 2.5.4 (including)