Directory Traversal Vulnerability in WonderCMS by WonderCMS
CVE-2018-7172

4.9MEDIUM

Key Information:

Vendor

Wondercms

Status
Wondercms
Vendor
CVE Published:
27 February 2018

What is CVE-2018-7172?

In versions of WonderCMS prior to 2.4.1, a vulnerability exists that allows remote attackers to exploit directory traversal, leading to the potential deletion of arbitrary files on the server. This flaw can severely compromise the integrity and availability of the web application, making it essential for users to update to the latest version to mitigate risks associated with unauthorized file access.

References

http://foreversong.cn/archives/1070
x_refsource_MISC
https://github.com/robiso/wondercms/commit/64efdc4fd974c8...
x_refsource_CONFIRM
https://www.wondercms.com/whatsnew
x_refsource_CONFIRM

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2018-7172 : Directory Traversal Vulnerability in WonderCMS by WonderCMS