CVE-2018-25308 | donmik Buddypress Xprofile Custom Fields Type 2.6.3 POST Parameter field_hiddenfile/field_deleteimg path traversal (Exploit 44432 / EDB-44432)

SecurityVulns

A vulnerability described as critical has been identified in donmik Buddypress Xprofile Custom Fields Type 2.6.3. It affects some unknown functionality of the POST Parameter Handler component. Manipulating the argument field_hiddenfile/field_deleteimg leads to path traversal.

This vulnerability is listed as CVE-2018-25308. The attack can be performed remotely. In addition, an exploit is available.