CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-20128

An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.4%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 6.4

References

http://www.iwantacve.cn/index.php/archives/90/
http://www.iwantacve.cn/index.php/archives/90/

Products affected by CVE-2018-20128

Usualtool » Usualtoolcms » Version: 8.0

cpe:2.3:a:usualtool:usualtoolcms:8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20128

Products

Pricing

Contact Us