| Titel | GitHub hfly 1.0 Arbitrary file deleteing |
|---|
| Beschreibung | Due to the lack of strict directory restrictions or permission verification on file path parameters passed in by users on the server, attackers can perform file operations across directories or even drive letters by constructing special paths (such as directory traversal symbols../). For example, attackers can modify request parameters to read or delete sensitive system files, such as delfile? filename=%2Fconfig%2Fconfig.php, Core database files can be deleted, causing website crashes |
|---|
| Quelle | ⚠️ https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/PHP-based%20travel%20website-CMS/PHP-based%20travel%20website-CMS%20delfile%20filename%20Arbitrary%20file%20delete.md |
|---|
| Benutzer | webray.com.cn (UID 24778) |
|---|
| Einreichung | 28.11.2025 04:13 (vor 7 Monaten) |
|---|
| Moderieren | 11.12.2025 08:00 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 335858 [baowzh hfly bis 638ff9abe9078bc977c132b37acbe1900b63491c delfile filename Directory Traversal] |
|---|
| Punkte | 20 |
|---|