Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms up to and including 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
5none nonecms |