CVE-2019-16902

2019-09-27T11:15:00
ID CVE-2019-16902
Type cve
Reporter cve@mitre.org
Modified 2019-09-27T20:30:00

Description

In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.