2 matches found
CVE-2019-7234
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloade...
CVE-2019-7234
The CVE-2019-7234 entry affects idreamsoft iCMS 7.0.13. The vulnerability stems from an error in admincp.php?app=apps&do=save (via _app=/../ in apps.admincp.php) that enables directory traversal, permitting creation of a ZIP archive containing contents of an arbitrary directory, which can then be...