Description In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. Remediation References CVE-2019-8358 Related Vulnerabilities WordPress Plugin Google Analytics Dashboard Plugin for WordPress by MonsterInsights Cross-Site Scripting (7.1.0) WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cross-Site Request Forgery (3.0.8) Magento Improper Authorization Vulnerability (CVE-2021-21026) Apache Tomcat Numeric Errors Vulnerability (CVE-2012-0022) WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.28) Severity High Classification CVE-2019-8358 CWE-22 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities