mucommander

vulnerability zip-slip
severity 7.5
language java
registry other

:book: Description

mucommander is a lightweight, cross-platform file manager with a dual-pane interface. This package is vulnerable to zip-slip.

https://github.com/mucommander/mucommander https://www.mucommander.com/

:recycle: Steps To Reproduce

  1. Download and run the latest release from https://github.com/mucommander/mucommander/releases/tag/0.9.6-1
  2. Unpack the given zip file. Example used: https://drive.google.com/file/d/1nLjX6QuPj8G1nl2h8sU4c3RSuuICWIHY/view?usp=sharing

:telescope: POC

https://drive.google.com/file/d/1Rqsbr9_ijoHOa949B9Q1cM2jv8jb4zwV/view?usp=sharing

💥 Impact

zip-slip (Zip Slip is a widespread, critical arbitrary file overwrite vulnerability that typically results in remote command execution)