CVE-2018-20128

An issue was discovered in UsualToolCMS v8.0. cmsadmin\asqlback.php allows remote attackers to delete arbitrary files via a backname directory-traversal pathname followed by a crafted substring...