VYPR
High severity8.1OSV Advisory· Published Jan 15, 2017· Updated Jun 17, 2026

CVE-2017-5480

CVE-2017-5480

Description

Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • 6.0.0-alpha, 6.0.0-alpha.1, 6.1.2-alpha, …+ 1 more
    • (no CPE)range: 6.0.0-alpha, 6.0.0-alpha.1, 6.1.2-alpha, …
    • (no CPE)range: <=6.8.3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.