CVE-2019-7235
The CVE-2019-7235 entry concerns idreamsoft iCMS 7.0.13. A directory traversal flaw exists in admincp.php?app=apps&do=save that can be triggered through _app=/../ to designate an arbitrary directory; this path can then be deleted via an admincp.php?app=apps&do=uninstall request. The connected doc...