Directory traversal vulnerability in baijiacmsV4 allows remote authenticated attackers to delete arbitrary folders on the server via unspecified vectors.
Vulnerable code is in system/manager/class/web/database.php
The original request is http://127.0.0.1:8888/baijiacms/index.php?mod=site&act=manager&do=database&op=delete&id=MTYwMDQ5ODY5OV9RejQzQmhaOQ%3D%3D&beid=1, which is used to delete a database backup folder. We can change the parameter "id" to delete any folder.
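One way to validate the "id" parameter before any delete runs, as an added example that is not baijiacms code. The function name, the backup-root argument and the name pattern are assumptions; the pattern is inferred from the sample id in the report, which base64-decodes to 1600498699_Qz43BhZ9.

```php
<?php
// Added example, not baijiacms code. The backup root and the name pattern are assumptions.

/**
 * Map the base64 "id" request parameter to a backup folder. Returns null
 * unless the decoded name is a direct child directory of $backupRoot.
 */
function resolve_backup_dir(string $encodedId, string $backupRoot): ?string
{
    // Strict mode rejects input containing characters outside the base64 alphabet.
    $name = base64_decode($encodedId, true);
    if ($name === false) {
        return null;
    }
    // Allowlist the shape of the sample id: digits, "_", alphanumerics.
    // This excludes "/", "\", "." and NUL bytes before any path is built.
    if (preg_match('/\A[0-9]{1,12}_[A-Za-z0-9]{1,32}\z/', $name) !== 1) {
        return null;
    }
    $root   = realpath($backupRoot);
    $target = realpath($backupRoot . DIRECTORY_SEPARATOR . $name);
    if ($root === false || $target === false || !is_dir($target)) {
        return null;
    }
    // Defence in depth: after symlink resolution the folder must still sit directly under the root.
    return dirname($target) === $root ? $target : null;
}

// Constructed demo: a temporary directory stands in for the backup folder.
$root  = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'backup_demo_' . bin2hex(random_bytes(4));
$child = $root . DIRECTORY_SEPARATOR . '1600498699_Qz43BhZ9';
mkdir($child, 0700, true);

$samples = [
    'MTYwMDQ5ODY5OV9RejQzQmhaOQ==', // id from the report ($_GET has already URL-decoded %3D%3D)
    base64_encode('../'),           // constructed: path separator in the decoded name
    base64_encode('.'),             // constructed: would resolve to the root itself
    'not base64!',                  // constructed: fails strict decoding
];
foreach ($samples as $id) {
    $dir = resolve_backup_dir($id, $root);
    printf("%-30s => %s\n", $id, $dir === null ? 'rejected' : 'accepted');
}

// Remove the demo directories.
rmdir($child);
rmdir($root);
```

Only the first sample is accepted; the delete routine would then operate on the returned path instead of on the raw decoded parameter.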