Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution up to and including 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.
Vulnerable Product |
---|
b2evolution b2evolution |