Description In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. Remediation References CVE-2019-8358 Related Vulnerabilities WordPress Plugin Adning Advertising-Professional, All In One Ad Manager for Wordpress Arbitrary File Upload (1.5.5) WordPress Plugin WP Google Review Slider Cross-Site Scripting (11.5) XWikiplatform Incorrect Authorization Vulnerability (CVE-2024-55662) WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions SQL Injection (2.9.7) WordPress Plugin WordPress-Amazon-Associate (WPAA) Cross-Site Scripting (2.0) Severity High Classification CVE-2019-8358 CWE-22 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities