VYPR
Medium severity4.9NVD Advisory· Published Nov 12, 2018· Updated Jun 17, 2026

CVE-2018-19197

CVE-2018-19197

Description

An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary directory deletion via admin/index.php?c=database&a=import&paths[]=../ directory traversal.

Affected products

2
  • Xiaocms/Xiaocmsinferred2 versions
    <=20141229+ 1 more
    • (no CPE)range: <=20141229
    • (no CPE)range: = 20141229

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.