2 matches found
CVE-2018-19197
An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary directory deletion via admin/index.php?c=database&a=import&paths=../ directory traversal...
CVE-2018-19197
CVE-2018-19197 affects XiaoCms 20141229. The issue is in admin/controller/database.php, where an input parameter allows directory traversal via admin/index.php?c=database&a=import&paths[]=../, enabling arbitrary directory deletion. This is the explicit vulnerability described across multiple conn...