3 matches found
CVE-2018-19181
statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file...
CVE-2018-19181
statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file...
CVE-2018-19181
The CVE affects YUNUCMS 1.1.5, where statics/ueditor/php/vendor/Local.class.php is exploitable through statics/ueditor/php/controller.php?action=remove with a directory-traversal path. This allows arbitrary file deletion (demonstrated by deleting install.lock). Root cause is a vulnerable remove a...