VYPR

FileEditor

by FlexDotnetCMS

CVEs (1)

  • CVE-2020-27385HigNov 12, 2020
    risk 0.53cvss 8.1epss 0.02

    Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot…