Security Advisory

CVE-2018-18713

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-10-27 22:00:00

Last updated 2024-08-05 11:16:00

Assigner mitre

State PUBLISHED

Description

The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI.

← Browse all CVEs View on cve.org ↗