Vulnerabilities > CVE-2018-18626 - Unspecified vulnerability in PHPyun 4.6

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

phpyun

NVD

Published: 2018-10-23

Updated: 2024-11-21

Summary

An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database&c=del" sql parameter because del_action() in admin/model/database.class.php mishandles this parameter.

Vulnerable Configurations

Part	Description	Count
Application	Phpyun Phpyun Phpyun 4.6	1

References

http://str3am.me/2018/10/23/CVE_01/#more
http://str3am.me/2018/10/23/CVE_01/#more