cpe:/a:b2evolution:b2evolution:6.8.4 CVE-2017-5539 2017-01-23T02:59:00.500-05:00 2019-10-02T20:03:26.223-04:00 9.0 NETWORK LOW NONE COMPLETE PARTIAL PARTIAL http://nvd.nist.gov 2017-01-25T23:09:53.440-05:00 BID 95700 CONFIRM http://b2evolution.net/downloads/6-8-5 CONFIRM https://github.com/b2evolution/b2evolution/commit/e35f7c195d8c1103d2d981a48cda5ab45ecac48a CONFIRM https://github.com/b2evolution/b2evolution/issues/36 The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists.