b2evolution is vulnerable to directory traversal. It allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a `..` (dot dot) in the `fm_selected` array parameter of `inc/files/files.ctrl.php`.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | b2evolution | le | 6.7.9 |
| | b2evolution | le | 6.9.5 |
| | b2evolution | le | 5.1.3 |
| | b2evolution | le | 6.8.3 |
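
A server-side containment check of the kind that stops a `..` entry in an array parameter such as `fm_selected` from reaching files outside the file-manager root. This is an added example, not b2evolution's code or its actual fix: `resolve_selected()` and the demo paths are hypothetical, and it assumes each array entry is a path relative to that root.

```php
<?php
// Added example: hypothetical helper, not b2evolution code.
// Resolves each user-supplied entry against a file-manager root and rejects
// anything that resolves outside it (".." segments, symlinks, the root itself).

function resolve_selected(string $root, array $selected): array
{
    $rootReal = realpath($root);
    if ($rootReal === false || !is_dir($rootReal)) {
        throw new RuntimeException('file manager root does not exist');
    }
    // The trailing separator keeps "/media" from matching "/media-private".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    $accepted = [];
    $rejected = [];
    foreach ($selected as $entry) {
        // Array parameters can carry nested arrays; only plain strings are valid names.
        if (!is_string($entry) || $entry === '' || strpos($entry, "\0") !== false) {
            $rejected[] = $entry;
            continue;
        }
        // realpath() collapses "..", "." and symlinks; false means no such file.
        $real = realpath($prefix . $entry);
        if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
            $rejected[] = $entry;
            continue;
        }
        $accepted[] = $real; // operate only on the canonical path, never on raw input
    }
    return ['accepted' => $accepted, 'rejected' => $rejected];
}

// Constructed demo: a temporary root with one file inside it and one outside.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fm_demo_' . bin2hex(random_bytes(4));
mkdir($base . '/media', 0700, true);
file_put_contents($base . '/media/photo.txt', 'inside');
file_put_contents($base . '/secret.txt', 'outside');

$result = resolve_selected($base . '/media', ['photo.txt', '../secret.txt', ['nested'], '.']);
print_r($result);

// Remove the demo files.
unlink($base . '/media/photo.txt');
unlink($base . '/secret.txt');
rmdir($base . '/media');
rmdir($base);
```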