CVE-2018-12309

Published: 2018-12-04T17:29Z

Last Modified: 2024-11-21T03:44Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt