Описание
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:hongcms_project:hongcms:3.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00314
Низкий
6.5 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)
EPSS
Процентиль: 54%
0.00314
Низкий
6.5 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-22