CVE-2018-20128
UsualToolCMS v8.0 (UTCMS) contains a vulnerability in cmsadmin\a_sqlback.php where a backname[] directory-traversal pathname can be crafted to delete arbitrary files. Remote attackers could exploit this to delete arbitrary files on the affected system. The root cause is a directory-traversal in t...