Description
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-0440 Vulnerability (CVE-2013-0440)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2600)
WordPress Plugin WooCommerce BuddyPress Integration Security Bypass (3.2.5)
MediaWiki Resource Management Errors Vulnerability (CVE-2015-8002)
phpList Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-3188)