Arbitrary File Deletion via Directory Traversal in NoneCms 1.3.0

Arbitrary File Deletion via Directory Traversal in NoneCms 1.3.0

CVE-2018-6022 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:P

Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter.

Learn more about our Cis Benchmark Audit For Microsoft Office.