Test ID:	1.3.6.1.4.1.25623.1.0.803970
Category:	Web application abuses
Title:	AjaXplorer Zoho plugin < 5.0.4 Directory Traversal Vulnerability
Summary:	The Zoho plugin of AjaXplorer is prone to a directory traversal; and a file upload vulnerability.
Description:	Summary: The Zoho plugin of AjaXplorer is prone to a directory traversal and a file upload vulnerability. Vulnerability Insight: The flaws exist due to improper validation of user-supplied input via the 'name' parameter and improper validation of file extensions by the save_zoho.php script. Vulnerability Impact: Successful exploitation may allow an attacker to obtain sensitive information, and upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the affected system. Affected Software/OS: AjaXplorer Zoho plugin 5.0.3 and prior. Solution: Update the Zoho plugin to version 5.0.4 or later. CVSS Score: 8.5 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-6226 BugTraq ID: 63647 http://www.securityfocus.com/bid/63647 Bugtraq: 20131110 Vulnerability in Pydio/AjaXplorer <= 5.0.3 (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-11/0043.html http://www.redfsec.com/CVE-2013-6226 XForce ISS Database: ajaxplorer-zoho-cve20136226-dir-traversal(88667) https://exchange.xforce.ibmcloud.com/vulnerabilities/88667 Common Vulnerability Exposure (CVE) ID: CVE-2013-6227 https://www.exploit-db.com/exploits/46206/ http://pyd.io/pydio-core-5-0-4/ http://www.redfsec.com/CVE-2013-6227
Copyright	Copyright (C) 2013 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.