CVE-2018-18831

HIGH7.5EPSS 0.46%

Path Traversal in minsoft:ms-mcms

Published: 11/1/2018Modified: 11/8/2023

Description

An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter.

Affected packages (1)

Maven/net.mingsoft:ms-mcmsfrom 0, <= 4.6.5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References (3)

ADVISORYhttps://github.com/advisories/GHSA-7hjp-97g3-rq93
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-18831
WEBhttps://gitee.com/mingSoft/MCMS/issues/IO0K0