Description In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. Remediation References CVE-2019-8358 Related Vulnerabilities WordPress Plugin Manage Calameo Publications by Athlon Cross-Site Scripting (1.1.0) Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3093) WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups Cross-Site Scripting (3.69.6) WordPress Plugin Caldera Forms-More Than Contact Forms Multiple Cross-Site Scripting Vulnerabilities (1.5.9.1) WordPress Plugin Newsletter-Send awesome emails from WordPress Open Redirect (2.6.4.4) Severity High Classification CVE-2019-8358 CWE-22 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities