CVE-2018-18485

HIGH

Phpshe - Path Traversal

Title source: rule

Description

An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock.

Exploits (1)

gitee WRITEUP 48 stars

by koyshe · phpwriteup

https://gitee.com/koyshe/phpshe/issues/INOG4

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://gitee.com/koyshe/phpshe/issues/INOG4

Scores

CVSS v3 7.5

EPSS 0.0087

EPSS Percentile 75.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-22

Status published

Products (1)

phpshe/phpshe 1.7

Published Oct 18, 2018

Tracked Since Feb 18, 2026