1 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-16446

https://notcve.org/view.php?id=CVE-2018-16446

An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt. Se ha descubierto un problema en SeaCMS hasta la versión 6.61. adm1n/admin_database.php permite que atacantes remotos eliminen archivos arbitrarios mediante secuencias de salto de directorio en el parámetro bakfiles. Esto puede permitir que el producto se reinstale eliminando install_lock.txt. • https://github.com/MichaelWayneLIU/seacms/blob/master/seacms5.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •