exploitDog

CVE-2018-19228

Опубликовано: 12 нояб. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 6.4

EPSS Низкий

Описание

An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation.

Ссылки

https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#del-file
Exploit
Third Party Advisory
https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#del-file
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:laobancms:laobancms:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00718

Низкий

7.5 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-hm3m-339q-q9mh

CVSS3: 7.5

github

больше 3 лет назад

An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation.

EPSS

Процентиль: 72%

0.00718

Низкий

7.5 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22