The indeximg field is also deleted when the column is deleted in /app/system/column/admin/index.class.php: _delolumn and fileUnlink, and the indeximg field can be arbitrarily specified by the background user (in the function of adding a column picture).
Vulnerability Name: Metinfo CMS Arbitrary File Deletion
Product Homepage: https://www.metinfo.cn/
Software link: https://u.mituo.cn/api/metinfo/download/7.0.0
Version: V7.0.0
The indeximg field is also deleted when the column is deleted in
/app/system/column/admin/index.class.php: _delolumn and fileUnlink, and the indeximg field can be arbitrarily specified by the background user (in the function of adding a column picture).POC
Then we delete the column, and the file will be deleted as well.

The text was updated successfully, but these errors were encountered: