2017-07-20 22:00:00
mitre
PUBLISHED
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use .. to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.