An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database&c=del" sql parameter because del_action() in admin/model/database.class.php mishandles this parameter.
References
Link | Resource |
---|---|
http://str3am.me/2018/10/23/CVE_01/#more | Broken Link Third Party Advisory URL Repurposed |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:04
Updated: 2022-10-03T16:22:04
Reserved: 2022-10-03T00:00:00
Link: CVE-2018-18626
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-10-23T19:29:00.230
Modified: 2024-02-14T01:17:43.863
Link: CVE-2018-18626
JSON object: View
Redhat Information
No data.
CWE