Hi @hpzeller, I found a file deletion vulnerability in the admin function module.
Vulnerability Name: Arbitrary File Deletion in Admin Panel
Date of Discovery: 25 July 2021
Product version: v1.0.9
Vulnerability Description: Exploiting the vulnerability allows an attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker can leverage the capability of arbitrary file deletion to circumvent certain webserver security mechanisms, such as deleting the .htaccess file, which would deactivate those security constraints.