CVE-2018-19748
CVE-2018-19748 – affected software : SDCMS 1.6, vulnerability in app/plug/attachment/controller/admincontroller.php. Issue : directory traversal via a vulnerable request to /?m=plug&c=admin&a=index&p=attachment&root=, where the root parameter must be base64 encoded. Impact : reading arbitrary fil...