ID CVE-2018-18257
Summary An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
refmap via4
misc https://github.com/rakjong/vuln/blob/master/Bagecms_vuln_2.pdf
Last major update 11-10-2018 - 17:01
Published 11-10-2018 - 17:01
Last modified 11-10-2018 - 17:01
Back to Top