CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-18257

An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.0%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 6.4

References

https://github.com/rakjong/vuln/blob/master/Bagecms_vuln_2.pdf
https://github.com/rakjong/vuln/blob/master/Bagecms_vuln_2.pdf

Products affected by CVE-2018-18257

Bagesoft » Bagecms » Version: 3.1.3

cpe:2.3:a:bagesoft:bagecms:3.1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-18257

Products

Pricing

Contact Us