CVE-2020-18190

Publication date

2020-10-02 13:12:51

Family

mitre

State

PUBLISHED

Description

Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture.