A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding directory is deleted, as demonstrated by ./ to delete the entire web site.
References
Link | Resource |
---|---|
https://github.com/yangsuda/mopcms/issues/1 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-02-22 16:29
Updated : 2023-12-10 12:44
NVD link : CVE-2019-9015
Mitre link : CVE-2019-9015
CVE.ORG link : CVE-2019-9015
JSON object : View
Products Affected
mopcms
- mopcms
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')