mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
741 B
741 B
CVE-2018-13025
Description
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter.
POC
Reference
- https://github.com/zhaoheng521/yxcms/blob/master/Any%20file%20deletion
- https://github.com/zhaoheng521/yxcms/blob/master/Any%20file%20deletion
Github
No PoCs found on GitHub currently.