2018-11-12 05:00:00
mitre
PUBLISHED
An issue was discovered in XiaoCms 20141229. admincontrollerdatabase.php allows arbitrary directory deletion via admin/index.php?c=database&a=import&paths[]=../ directory traversal.