VYPR
Medium severity6.5OSV Advisory· Published Jan 23, 2018· Updated Jun 17, 2026

CVE-2018-6022

CVE-2018-6022

Description

Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.