{"id":"CVE-2018-6022","details":"Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\\ in the param.path parameter.","modified":"2026-03-14T09:30:00.697563Z","published":"2018-01-23T06:29:00.337Z","references":[{"type":"EVIDENCE","url":"http://blackwolfsec.cc/2018/01/22/Nonecms/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nangge/nonecms","events":[{"introduced":"0"},{"last_affected":"39d10bf0edca16b0fefb945191bdfdb6d091f1d6"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.0"}]}}],"versions":["v1.1.0","v1.2.0","v1.3.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6022.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}