Path traversal

2018-11-0509:29:00

PRIOn knowledge base

www.prio-n.com

0.002 Low

EPSS

Percentile

57.3%

JSON

KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.

CPENameOperatorVersion
kindeditorle4.1.11

CPE	Name	Operator	Version
	kindeditor	le	4.1.11

References

github.com/kindsoft/kindeditor/issues/289

0.002 Low

EPSS

Percentile

57.3%

JSON

Related for PRION:CVE-2018-18950