CVE-2018-19181

statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file.
References
Link Resource
https://github.com/doublefast/yunucms/issues/1 Exploit Issue Tracking
Configurations

Configuration 1

cpe:2.3:a:yunucms:yunucms:1.1.5:*:*:*:*:*:*:*

Information

Published : 2018-11-11 05:29

Updated : 2018-12-12 02:56


NVD link : CVE-2018-19181

Mitre link : CVE-2018-19181

Products Affected
No products.
CWE