Overflow, Memory corruption, XXE injection
FileCloud users are not at risk of being exposed to these vulnerabilities. However, FileCloud is updating PHP to the latest version, currently 8.2.10.
FileCloud Versions 22.1 and 23.1 are not affected by these vulnerabilities, but they use the affected versions of PHP.
FileCloud Version 23.1.2 and later
In PHP versions 8.0.*, 8.1.*, and 8.2.*:
- When loading a phar file and reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, potentially resulting in memory corruption or remote code execution (RCE).
- Local files accessible to PHP may be disclosed.
FileCloud is thoroughly tested with specific PHP versions, and using newer versions may affect functionality; therefore, it is important that customers do not upgrade their PHP versions beyond what is bundled with FileCloud.
As FileCloud keeps up to date with the latest versions of all software, FileCloud version 18.104.22.16822 upgrades PHP to the latest version, 8.2.10.
What you should do to fix this vulnerability
- If you are using FileCloud Server, we recommend that you update to the latest version, which is 22.214.171.12422 or greater.
- If you are using FileCloud Online, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.