|Vulnerability type||Overflow, Memory corruption, XXE injection|
FileCloud users are not at risk of being exposed to these vulnerabilities. However, FileCloud is updating PHP to the latest version, currently 8.2.10.
|Versions affected||FileCloud Versions 22.1 and 23.1 are not affected by these vulnerabilities, but they use the affected versions of PHP.|
|Version fixed||FileCloud Version 23.1.2 and later|
In PHP versions 8.0.*, 8.1.*, and 8.2.*:
- When loading a phar file and reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, potentially resulting in memory corruption or remote code execution (RCE).
- Potential disclosure of local files accessible to PHP may occur.
FileCloud is thoroughly tested with specific PHP versions, and using newer versions may affect functionality; therefore, it is important that customers do not upgrade PHP beyond the version bundled with FileCloud.
As FileCloud keeps up to date with the latest versions of all software, FileCloud version 126.96.36.19922 upgrades PHP to the latest version, 8.2.10.
What you should do to fix this vulnerability
- If you are using FileCloud Server, we recommend that you update to the latest version, which is 188.8.131.5222 or greater.
- If you are using FileCloud Online, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.