Arbitrary File Deletion Vulnerability in UsualToolCMS v8.0

Arbitrary File Deletion Vulnerability in UsualToolCMS v8.0

CVE-2018-20128 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:P

An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.