CVE-2019-9015


02/22/2019

CVE-2019-9015

A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the “column management” function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding directory is deleted, as demonstrated by ./ to delete the entire web site.

Attack vector: 
Network

Product: 
mopcms: mopcms

References: 
https://github.com/yangsuda/mopcms/issues/1

Severity: 
Medium

CVSS Score: 
6.4

CVSS Vector: 
(AV:N/AC:L/Au:N/C:N/I:P/A:P)



Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *