漏洞标题
FlatPress File Delete 面板.mediamanager.file.php 执行ItemActions 路径遍历
漏洞描述信息
FlatPress 文件删除面板。mediamanager.file.php doItemActions 路径遍历
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
FlatPress File Delete panel.mediamanager.file.php doItemActions path traversal
漏洞描述信息
A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to path traversal. The name of the patch is 5d5c7f6d8f072d14926fc2c3a97cdd763802f170. It is recommended to apply a patch to fix this issue. The identifier VDB-216861 was assigned to this vulnerability.
CVSS信息
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
FlatPress 路径遍历漏洞
漏洞描述信息
FlatPress是FlatPress社区的一个基于Php无需数据库支持的博客建站系统。 FlatPress存在路径遍历漏洞,该漏洞源于组件File Delete Handler中fp-plugins/mediamanager/panels/panel.mediamanager.file.php文件的函数doItemActions存在问题,对参数deletefile的操作会导致路径遍历。
CVSS信息
N/A
漏洞类别
路径遍历