Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security Bug: Arbitrary File Deletion in Admin Panel #1

Open
faisalfs10x opened this issue Jul 24, 2021 · 1 comment
Open

Security Bug: Arbitrary File Deletion in Admin Panel #1

faisalfs10x opened this issue Jul 24, 2021 · 1 comment

Comments

@faisalfs10x
Copy link

Hi @hpzeller , I found a file deletion vulnerability in the admin function module

Vulnerability Name: Arbitrary File Deletion in Admin Panel

Date of Discovery: 25 July 2021

Product version: v1.0.9

Vulnerability Description: Exploiting the vulnerability allows an attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker can leverage the capability of arbitrary file deletion to circumvent certain webserver security mechanisms such as deleting .htaccess file that would deactivate those security constraints.

@Cristian-Bejan
Copy link

Hi @faisalfs10x , can you please provide a PoC or share more details regarding this vulnerability?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants