Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and previous versions allows remote malicious users to delete arbitrary files via ".." sequences in the old_avatar parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
exv2 content management system |