CVE-2018-5259

HIGH

DiscuzX X3.4 - Authenticated Attachment Deletion Restriction Bypass via aid Parameter

Title source: llm

Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.

Core 2

Core References

Third Party Advisory x_refsource_misc

Third Party Advisory x_refsource_misc

CVSS v3 8.8

EPSS 0.0041

EPSS Percentile 61.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Status published

Products (1)

discuz/discuzx x3.4

Published Jan 08, 2018

Tracked Since Feb 18, 2026