CVE-2018-18713

CVE-2018-18713 affects PHPYun 4.6. The vulnerability is in the function down_sql_action() of /admin/model/database.class.php, allowing remote attackers to read arbitrary files via directory traversal using the URI m=database&c=down_sql&name=../. Impact is reading local files; no in-field exploit ...