|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-05-06 | |
| Rule Name: | CLTPHP delSqlFiles.html Arbitrary File Deletion Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | CLTPHP content management system is an efficient website PHP content management system, but also an open source CMS system. CLTPHP has an arbitrary file deletion vulnerability. The vulnerability is caused by the sqlfilename parameter of the delSqlFiles.html page not effectively filtering the content entered by the user, and a malicious attacker can delete any file on the server through directory traversal. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |