CVE-2018-18936

Name of the Vulnerable Software and Affected Versions PopojiCMS version 2.0.1

Description An issue in admin library.php allows remote attackers to delete arbitrary files via directory traversal in the "po-admin/route.php?mod=library&act=delete" endpoint, specifically using the id parameter.

Recommendations For PopojiCMS version 2.0.1, consider restricting access to the po-admin/route.php?mod=library&act=delete endpoint to minimize the risk of exploitation, and avoid using the id parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.