CVE-2024-34191

Medium

htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This…

mitre·CWE-35·Published 2024-05-14

CVSS

6.5

EPSS

0.01

KEV

Exploits

cve.orgen

209 chars

htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request.

NVDen

209 chars

NVDes

255 chars

Se descubrió que htmly v2.9.6 contenía una vulnerabilidad de eliminación de archivos arbitraria a través de la función delete_post() en admin.php. Esta vulnerabilidad permite a los atacantes eliminar archivos arbitrarios mediante una solicitud manipulada.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N