CVE-2020-20290
HIGHyccms 3.3 - Path Traversal via delete, deletesite, and deleteAll Functions
Title source: llmDescription
Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://blog.jiguang.xyz/posts/yccms-directory-traversal-vulnerability-report/
Scores
CVSS v3
7.5
EPSS
0.0133
EPSS Percentile
67.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (1)
yccms/yccms
3.3
Published
Feb 01, 2021
Tracked Since
Feb 18, 2026