Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-16141 | 1 Thinkcmf | 1 Thinkcmfx | 2018-11-06 | 5.5 MEDIUM | 6.5 MEDIUM |
ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows server. |