CVE-2018-19181

Published: 2018-11-11T17:29Z

Last Modified: 2024-11-21T03:57Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt