Directory Traversal Vulnerability in phpCms by slackero
CVE-2021-36425

5.4MEDIUM

Key Information:

Vendor: PHPwcms
Status: PHPwcms
Vendor: CVE Published:; 3 February 2023

What is CVE-2021-36425?

A directory traversal vulnerability in phpCms version 1.9.25 enables remote attackers to exploit the application by utilizing an unfiltered $file parameter within the unlink method in the include/inc_act/act_ftptakeover.php file. This flaw allows unauthorized deletion of arbitrary files from the server, posing a significant risk to the integrity and confidentiality of stored data.

References

https://github.com/slackero/phpwcms/issues/311

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 3, 2023
Vulnerability Reserved
Jul 12, 2021

JSON

PHPwcms

What is CVE-2021-36425?

References

CVSS V3.1

Timeline