CWE-22

CVE-2020-18190

February 26, 2023 by

Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture.

CVE-2020-18191

February 26, 2023 by

GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php

CVE-2020-18070

February 26, 2023 by

Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the “do_del()” method of the component “database.admincp.php”.

CVE-2020-18127

February 26, 2023 by

An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files.

CVE-2020-17563

February 26, 2023 by

Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to ” /index.php?s=/admin-tpl-del&id=”.

CVE-2020-17564

February 26, 2023 by

Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the ” Admin/DataAction.class.php” component.