CVE-2019-25098: 
Linux Ubuntu vulnerability analysis and mitigation

A critical path traversal vulnerability was discovered in soerennb eXtplorer versions up to 2.1.12 (CVE-2019-25098). The vulnerability affects the archive handler component, specifically in the file include/archive.php. The issue was disclosed on January 5, 2023, and was assigned a CVSS v3.1 base score of 9.8 (AttackerKB).

The vulnerability exists in the archive handler component of eXtplorer, specifically affecting the file include/archive.php. The path traversal vulnerability allows manipulation of file paths, potentially enabling unauthorized access to files outside the intended directory structure. The severity is rated as Critical with a CVSS v3.1 base score of 9.8, indicating high impact across confidentiality, integrity, and availability vectors with network-based attack vector, low attack complexity, and no required privileges or user interaction (AttackerKB).

The vulnerability could allow attackers to access files outside the intended directory structure through path traversal manipulation. Given the CVSS score of 9.8, the impact is considered critical with potential high impact on confidentiality, integrity, and availability of the affected system (AttackerKB).

The vulnerability has been fixed in eXtplorer version 2.1.13. Users are recommended to upgrade to this version to address the security issue. The fix is identified by the commit b8fcb888f4ff5e171c16797a4b075c6c6f50bf46 (GitHub Commit, GitHub Release).