Description
Ext JS is a pure JavaScript application framework for building interactive web applications using techniques such as Ajax, DHTML and DOM scripting. Baidu Security Team found a vulnerability in the examples provided with Ext JS that allows an attacker to initiate arbitrary HTTP requests and (under some conditions) read arbitrary files from the server.
Remediation
Restrict access to the examples directory provided with Ext JS.
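To find where the examples directory is still deployed before restricting it, the following added example (not part of the original advisory or of Ext JS) walks a web root and reports every Ext JS tree that ships its examples, listing any server-side scripts inside. The marker file names, the extension list and the sample tree are assumptions made for this sketch.

```python
import os
import tempfile

# Assumptions (not from the advisory): a directory counts as an Ext JS
# distribution if it holds one of these library files, and these extensions
# mark server-side scripts that could act on the server's behalf.
EXTJS_MARKERS = {"ext-all.js", "ext-all-debug.js"}
SERVER_SIDE_EXTS = {".php", ".jsp", ".asp", ".aspx", ".cgi", ".pl", ".py"}

def find_exposed_examples(web_root):
    """Return [(examples_dir, [server-side scripts inside it])] for every
    Ext JS distribution under web_root that still ships its examples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(web_root):
        if not EXTJS_MARKERS & set(filenames) or "examples" not in dirnames:
            continue
        examples = os.path.join(dirpath, "examples")
        scripts = []
        for sub, _, files in os.walk(examples):
            for name in files:
                if os.path.splitext(name)[1].lower() in SERVER_SIDE_EXTS:
                    full = os.path.join(sub, name)
                    scripts.append(os.path.relpath(full, web_root))
        findings.append((os.path.relpath(examples, web_root), sorted(scripts)))
        dirnames.remove("examples")  # already inspected, do not descend again
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample web root used only to demonstrate the audit."""
    layout = [
        "app/index.html",
        "app/lib/extjs/ext-all.js",
        "app/lib/extjs/examples/grid/grid.html",
        "app/lib/extjs/examples/demo/proxy.php",  # hypothetical file name
        "other/examples/readme.txt",              # not an Ext JS tree
    ]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for examples_dir, scripts in find_exposed_examples(root):
            print("examples directory deployed:", examples_dir)
            for script in scripts:
                print("  server-side script:", script)
```

Each reported directory is a candidate for removal from production or for an access restriction at the web server.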
Related Vulnerabilities
WordPress Plugin Booking Calendar Directory Traversal (7.0)
Unauthenticated Arbitrary File Read vulnerability in VMware vCenter
WordPress Plugin MDC YouTube Downloader Local File Inclusion (2.1.0)
Typo3 Restler 1.7.0 Local File Disclosure
WordPress Plugin WordPress Download Manager Directory Traversal (2.6.95)