BlueCMS 1.6 allows Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del  request.

1 Cause of vulnerability ： The parameter file_name  on line 210 of admin/database.php  are unfiltered，so an attacker can use the input of this variable to achieve path traversal, resulting in the deletion of any file

2 Vulnerability condition：rights of administrator

3 Vulnerability recurrence：
                                          ① Operation environment construction：mysql+windows+php+apache  OR phpstudy
                                          ② Access /admin login in to administrator privileges
                                          ③ Access  /admin/database.php?act=del&file_name=../../robots.txt ；Successfully deleted file.




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

BlueCMS 1.6 allows Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request. #1

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

BlueCMS 1.6 allows Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request. #1

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions