|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-08-26 | |
| Rule Name: | ThinkCMF Arbitrary File Deletion Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | ThinkCMF is an open source content management framework (CMF) that supports Swoole, developed based on ThinkPHP. An arbitrary file deletion vulnerability exists in ThinkCMFX 2.2.3. The vulnerability is caused by filtering the input value at the point where the user uploads the avatar. The attacker can delete any file through directory traversal through this vulnerability. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |