CVE-2018-15818

HIGH

repute_arforms < 3.5.1 - Arbitrary File Deletion via admin-ajax.php

Title source: llm
STIX 2.1

Description

An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9139

Scores

CVSS v3 7.5
EPSS 0.0205
EPSS Percentile 78.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (1)
reputeinfosystems/repute_arforms < 3.5.1
Published Mar 21, 2019
Tracked Since Feb 18, 2026