High severity7.5NVD Advisory· Published Oct 29, 2018· Updated Jun 17, 2026
CVE-2018-18713
CVE-2018-18713
Description
The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI.
Affected products
1Patches
Vulnerability mechanics
References
2- jlkl.github.io/2018/10/25/CVE_02/nvdBroken LinkThird Party Advisory
- str3am.me/2018/10/25/CVE_02/nvdBroken LinkThird Party AdvisoryURL Repurposed
News mentions
0No linked articles in our index yet.