High severity8.1OSV Advisory· Published Jan 15, 2017· Updated Jun 17, 2026
CVE-2017-5480
CVE-2017-5480
Description
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
26.0.0-alpha, 6.0.0-alpha.1, 6.1.2-alpha, …+ 1 more
- (no CPE)range: 6.0.0-alpha, 6.0.0-alpha.1, 6.1.2-alpha, …
- (no CPE)range: <=6.8.3
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.