CVE-2015-2970

LEMON-S PHP Simple Oekaki BBS <1.21 - RCE

Title source: llm
STIX 2.1

Description

index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to delete arbitrary files via the oekakis parameter.

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000097
Third Party Advisory x_refsource_confirm
http://jvn.jp/en/jp/JVN61935381/995636/index.html
Vendor Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN61935381/index.html

Scores

EPSS 0.0164
EPSS Percentile 73.5%

Details

CWE
CWE-22
Status published
Products (1)
lemon-s_php/simple_oekaki < 1.2
Published Jul 10, 2015
Tracked Since Feb 18, 2026