exploitDog

GHSA-xx8v-9cvf-fc7h

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.

Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.

Ссылки

EPSS

Процентиль: 75%

0.00903

Низкий

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2012-6064

nvd

больше 12 лет назад

Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.

EPSS

Процентиль: 75%

0.00903

Низкий

CVE ID

Дефекты

CWE-22