High
CVSS 7.2
Overview
A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file.
CVE-2025-46359
A path traversal issue exists in backup and restore feature of multiple versions...
Risk analysis
This vulnerability is rated 🟠 HIGH.
- CVSS: 7.2 (HIGH)
- Detected tags: path, rce (tag impact: VERY HIGH)
Recommended actions:
- Canonicalize path; block `..` traversal; use allowlists.
- Patch/upgrade immediately (remote code execution).
- Reduce exposure (WAF/segmentation), minimize attack surface.