KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/kindsoft/kindeditor/issues/289 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-11-05T09:00:00Z
Updated: 2024-09-16T17:18:49.668Z
Reserved: 2018-11-05T00:00:00Z
Link: CVE-2018-18950
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-11-05T09:29:00.713
Modified: 2018-12-10T20:41:07.667
Link: CVE-2018-18950
Redhat
No data.