CVE-2018-18713

Published: 2018-10-29T12:29Z

Last Modified: 2024-11-21T03:56Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt