CVE-2019-8291

Summary

Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal.

Affected Software

VendorProductVersion RangeStatus
abcprintfOnline Storeunspecified <= 1.0affected

Weaknesses

  • unauthenticated arbitrary file deletions via path traversal

ADP Enrichment

CVE Program Container

Additional References

References