An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using "../" directory traversal.
References
Link | Resource |
---|---|
https://github.com/gongfuxiang/shopxo/issues/2 | Exploit Third Party Advisory |
Configurations
Information
Published : 2019-01-10 06:29
Updated : 2019-01-18 12:17
NVD link : CVE-2019-5887
Mitre link : CVE-2019-5887
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
shopxo
- shopxo