PT-2018-13906 · Cscms · Cscms

Published

2018-09-17

Updated

2018-11-19

CVE-2018-17125

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions CScms version 4.1

Description The issue allows for arbitrary directory deletion. This can be achieved by using a specific substring dir=.. in requests to the "pluginssysadminPlugins.php" endpoint.

Recommendations For CScms version 4.1, consider restricting access to the "pluginssysadminPlugins.php" endpoint until a patch is available. As a temporary workaround, avoid using the dir parameter with substring .. to prevent arbitrary directory deletion.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2018-17125

Affected Products

Cscms

PT-2018-13906 · Cscms · Cscms

CVE-2018-17125

Weakness Enumeration

Related Identifiers

Affected Products

References · 4