Description

Ext JS is a pure JavaScript application framework for building interactive web applications using techniques such as Ajax, DHTML and DOM scripting. Baidu Security Team found a vulnerability in the examples provided with Ext JS that allows an attacker to initiate arbitrary HTTP requests and (in some conditions) read arbitrary files from the server.

Remediation

Restrict access to the examples directory provided with Ext JS.

References

extjs Arbitrary File Read

Related Vulnerabilities

WordPress 6.3.x Multiple Vulnerabilities (6.3 - 6.3.4)

phpMyAdmin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-6614)

PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-21706)

WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files Multiple Vulnerabilities (1.6.0)

WordPress Plugin Font-official webfonts plugin of Fonts For Web Directory Traversal (7.5)

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal SSRF Acumonitor