PT-2022-17276 · Unknown · Maxsite Cms

Fuzzyap1 · Published 2022-02-28 · Updated 2022-03-08 · CVE-2022-25412

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Maxsite CMS version v180

Description

The issue allows for arbitrary file deletion. This is achieved through the /admin page/all-files-update-ajax.php endpoint via the dir and deletefile parameters.

Recommendations

For Maxsite CMS version v180, consider restricting access to the /admin page/all-files-update-ajax.php endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the dir and deletefile parameters in this endpoint until the issue is resolved.

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2022-25412

Affected Products

Maxsite Cms