CVE-2017-5539
Published
CVSS v3
N/A
CVSS v2
9
HIGH
Affected
1
PROJECT
Description
The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists.
b2evolution CMS: Multiblog/CMS content publishing + forums + email marketing + social network + more... b2evolution includes everything you need to run and maintain a modern website. Optimized for low maintenance with easy upgrades and effective antispam. Full RWD & bootstrap support.
GitHub