CVE-2017-5480 in b2evolution

Summary

by MITRE

Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.


Analysis

by VulDB Data Team • 05/13/2026

The vulnerability identified as CVE-2017-5480 represents a critical directory traversal flaw within the b2evolution content management system version 6.8.3 and earlier. This security weakness resides in the file management component located at inc/files/files.ctrl.php, specifically affecting the handling of file operations within the administrative back-office interface. The vulnerability manifests when authenticated users with administrative privileges manipulate the fm_selected array parameter to include directory traversal sequences such as .. (dot dot), enabling them to access files outside their intended directory scope. This flaw fundamentally compromises the application's file system access controls and represents a classic path traversal vulnerability that has been documented in numerous security frameworks and standards.

Exploitation works through the fm_selected parameter of the file management controller, where the application fails to properly validate or sanitize user-supplied input before processing file operations. When an authenticated administrator accesses the file management interface, the system processes the fm_selected array without adequate sanitization, allowing maliciously crafted traversal sequences to bypass normal file system boundaries. This weakness enables attackers to perform unauthorized file operations, including reading sensitive files such as configuration data, database credentials, or application source code, as well as deleting critical system files. The vulnerability is particularly dangerous because it requires only administrative access, which is typically limited to trusted users, but once exploited it can provide access to the underlying file system beyond normal operational boundaries. According to the CWE classification, this is a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability, which falls under the broader category of input validation and access control weaknesses.

The operational impact of CVE-2017-5480 extends beyond simple unauthorized file access, as it provides attackers with the capability to escalate privileges and potentially compromise the entire application infrastructure. An attacker with administrative access can leverage this vulnerability to extract sensitive configuration files that may contain database connection strings, encryption keys, or other critical system information. Additionally, the ability to delete arbitrary files can result in complete application disruption, data loss, or the ability to install malicious payloads by replacing critical system files. This vulnerability is particularly concerning in environments where b2evolution is used for content management, as it can lead to the exposure of private content, user data, or business-critical information. The attack vector requires only an authenticated administrative session, making it more accessible than vulnerabilities requiring additional exploitation steps. From an ATT&CK framework perspective, this vulnerability maps to techniques involving privilege escalation through path traversal and credential access through file system manipulation, potentially enabling lateral movement within compromised environments.

Mitigation strategies for CVE-2017-5480 must address both the immediate vulnerability and broader security posture of the affected system. The primary recommendation involves applying the official patch released by b2evolution developers for version 6.8.4 and later, which implements proper input validation and sanitization of the fm_selected parameter. Organizations should also implement comprehensive input validation measures that sanitize all user-supplied data before processing, particularly in file system operations. Network segmentation and access control measures should be enforced to limit administrative privileges to only necessary personnel, reducing the attack surface. Additionally, implementing proper file system permissions and ensuring that administrative accounts operate with the principle of least privilege can limit the potential impact of exploitation. Regular security audits and code reviews should be conducted to identify similar vulnerabilities in other components of the application. The vulnerability serves as a reminder of the importance of validating all user input and implementing proper access controls, particularly in administrative interfaces where elevated privileges are granted. Organizations should also consider implementing web application firewalls and intrusion detection systems to monitor for suspicious file access patterns that might indicate exploitation attempts. According to industry best practices, this vulnerability underscores the need for secure coding practices and comprehensive security testing throughout the software development lifecycle, particularly focusing on input validation and access control mechanisms.
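One way to implement the containment check described above for an array of selected file names, as an added example that is not b2evolution's code or its actual patch. The helper name `filter_selected_paths`, the directory layout and the file names are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added example (hypothetical helper, not b2evolution code).
 * Resolve each user-selected name against $root and keep only those
 * whose canonical path stays strictly inside $root.
 *
 * @return array{accepted: array<string,string>, rejected: string[]}
 */
function filter_selected_paths(string $root, array $selected): array
{
    $rootReal = realpath($root);
    if ($rootReal === false || !is_dir($rootReal)) {
        throw new RuntimeException("File root does not exist: $root");
    }
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    $accepted = [];
    $rejected = [];
    foreach ($selected as $name) {
        // Array parameters can carry nested arrays; only plain strings are valid names.
        if (!is_string($name) || $name === '' || strpos($name, "\0") !== false) {
            $rejected[] = is_string($name) ? $name : '(non-string)';
            continue;
        }
        // realpath() collapses "..", "." and symlinks; false means the target does not exist.
        $real = realpath($prefix . $name);
        if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
            $rejected[] = $name;
            continue;
        }
        $accepted[$name] = $real;
    }
    return ['accepted' => $accepted, 'rejected' => $rejected];
}

// Constructed demo: a temporary file root with one file, and a file outside it.
$base = sys_get_temp_dir() . '/fm_demo_' . bin2hex(random_bytes(4));
mkdir("$base/media", 0700, true);
file_put_contents("$base/media/photo.jpg", 'x');
file_put_contents("$base/secret.conf", 'db_password=constructed');

$result = filter_selected_paths("$base/media", ['photo.jpg', '../secret.conf', ['nested'], 'missing.txt']);
print_r($result);

array_map('unlink', ["$base/media/photo.jpg", "$base/secret.conf"]);
rmdir("$base/media");
rmdir($base);
```

Comparing the canonical path against the root with a trailing separator also rejects sibling directories that merely share the root's name as a prefix, and the read or delete operation should then use the returned canonical path rather than the original input.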

Reservation: 01/14/2017

Disclosure: 01/15/2017

Moderation: accepted

Entry: VDB-95355

CPE: ready

EPSS: 0.00320

KEV: no

Activities: very low
