High severity7.5OSV Advisory· Published Nov 5, 2018· Updated Jun 17, 2026
CVE-2018-18950
CVE-2018-18950
Description
KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2v4.1, v4.1.1, v4.1.10, …+ 1 more
- (no CPE)range: v4.1, v4.1.1, v4.1.10, …
- (no CPE)range: <=4.1.11
Patches
Vulnerability mechanics
References
1- github.com/kindsoft/kindeditor/issues/289nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.