3 matches found
CVE-2019-13915
b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. ...
CVE-2019-13915
b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. ...
CVE-2019-13915
CVE-2019-13915 : In b3log Wide, prior to version 1.6.0, three attack types enable arbitrary file read/write. 1) An attacker can insert and run code in the editor about three times to read an arbitrary file. 2) An attacker can create a symlink and place it in a ZIP archive; an unzip operation gran...