2019-02-17 18:00:00
mitre
PUBLISHED
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.