Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FlatPress File Delete panel.mediamanager.file.php doItemActions path traversal
Vulnerability Description
A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to path traversal. The name of the patch is 5d5c7f6d8f072d14926fc2c3a97cdd763802f170. It is recommended to apply a patch to fix this issue. The identifier VDB-216861 was assigned to this vulnerability.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
FlatPress 路径遍历漏洞
Vulnerability Description
FlatPress是FlatPress社区的一个基于Php无需数据库支持的博客建站系统。 FlatPress存在路径遍历漏洞,该漏洞源于组件File Delete Handler中fp-plugins/mediamanager/panels/panel.mediamanager.file.php文件的函数doItemActions存在问题,对参数deletefile的操作会导致路径遍历。
CVSS Information
N/A
Vulnerability Type
N/A