PT-2019-14531 · Oklite · Oklite
Published
2019-09-09
·
Updated
2019-09-10
·
CVE-2019-16132
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
OKLite version 1.2.25
Description
An issue was discovered in the framework/admin/tpl control.php file, allowing remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring.
Recommendations
For OKLite version 1.2.25, consider restricting access to the framework/admin/tpl control.php file until a patch is available. As a temporary workaround, avoid using directory-traversal pathnames in the title parameter to minimize the risk of exploitation.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oklite