3 matches found
CVE-2019-15952
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack ../ to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed...
CVE-2019-15952
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack ../ to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed...
CVE-2019-15952
Total.js CMS 12.0.0 contains a path traversal vulnerability exploitable by an authenticated user with the Pages privilege to include outside-directory .html files. If a page contains a template directive, it is server-side processed, enabling an attacker who can control the content of a .html fil...