Security Bug: Arbitrary File Deletion in Admin Panel #1

Open
@faisalfs10x

Description

Hi @hpzeller, I found a file deletion vulnerability in the admin function module.

Vulnerability Name: Arbitrary File Deletion in Admin Panel

Date of Discovery: 25 July 2021

Product version: v1.0.9

Vulnerability Description: Exploiting the vulnerability allows an attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker can leverage the capability of arbitrary file deletion to circumvent certain webserver security mechanisms, such as deleting the .htaccess file, which would deactivate those security constraints.
