CVE-2019-7234

2019-01-3021:00:00

mitre

www.cve.org

AI Score

9.1

Confidence

High

EPSS

0.004

Percentile

75.2%

JSON

An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/…/ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request.

References

github.com/idreamsoft/iCMS/issues/51