2018-01-23 06:00:00
mitre
PUBLISHED
Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a .. in the param.path parameter.