PT-2021-11194 · Baijiacms · Baijiacms
Ke7B3R0Sop · Published 2021-10-29 · Updated 2021-11-03 · CVE-2020-25873
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Baijiacms V4
Description:
A directory traversal issue was found in the system/manager/class/web/database.php component, allowing attackers to delete folders on the server using the id parameter.
Recommendations:
For Baijiacms V4, consider restricting access to the vulnerable component system/manager/class/web/database.php until a patch is available. As a temporary workaround, avoid using the id parameter in the affected API endpoint to minimize the risk of exploitation.
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Baijiacms