| Title | code-projects Document Management System 1.0 Improper Input Validation |
|---|---|
| Description | A Path Traversal vulnerability (CWE-22) was discovered in the dell.php file of code-projects Document Management System 1.0. The vulnerability exists because the application, when performing a file deletion operation, directly passes the which parameter from a GET request to the unlink() function without adequately validating or sanitizing the user-supplied path to confine it to the intended directory. This allows a remote attacker to use path traversal sequences (e.g., ../) to construct a path to an arbitrary file on the server and delete it, provided the web server process has the necessary write permissions. Successful exploitation of this vulnerability could lead to the deletion of critical application files, configuration files, or system files, resulting in a Denial of Service (DoS) or more severe system damage. |
| Source | https://github.com/i-Corner/cve/issues/14 |
| User | iC0rner (UID 82839) |
| Submitted | 2025-07-30 09:22 (11 months ago) |
| Moderation | 2025-07-31 20:49 (1 day later) |
| Status | Accepted |
| VulDB entry | 318461 [code-projects Document Management System 1.0 /dell.php unlink identifier directory traversal] |
| Points | 20 |
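
The missing confinement check described above, sketched in PHP as an added example; it is not code from the report or from the project. The report does not show the source of dell.php, so `safe_delete()`, the `uploads` directory and the demo file names are assumptions, and the self-check runs only against a constructed temporary directory.

```php
<?php
// Added example, not the project's code. safe_delete() and the uploads
// directory are assumed names; the report does not show dell.php's source.

// Pattern the report describes (request value goes straight to unlink):
//     unlink($_GET['which']);

function safe_delete(string $requested, string $baseDir): bool
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return false;
    }
    // Resolve "..", "." and symlinks, then require the result to sit under $base.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false) {
        return false;                       // nothing exists at that path
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;                       // resolved outside the base directory
    }
    return is_file($target) && unlink($target);
}

// Constructed self-check for the command line; builds and removes a temp tree.
if (PHP_SAPI === 'cli') {
    $root = sys_get_temp_dir() . '/dms_demo_' . bin2hex(random_bytes(4));
    $uploads = $root . '/uploads';
    mkdir($uploads, 0700, true);
    file_put_contents($uploads . '/report.pdf', 'demo');
    file_put_contents($root . '/config.php', 'demo');   // sits outside uploads/

    $checks = [
        'traversal sequence rejected' => safe_delete('../config.php', $uploads) === false,
        'absolute path rejected'      => safe_delete($root . '/config.php', $uploads) === false,
        'file outside base intact'    => file_exists($root . '/config.php'),
        'file inside base deleted'    => safe_delete('report.pdf', $uploads) === true,
    ];
    foreach ($checks as $name => $ok) {
        echo ($ok ? 'PASS' : 'FAIL'), "  $name\n";
    }
    unlink($root . '/config.php');
    rmdir($uploads);
    rmdir($root);
}
```

The check and the `unlink()` call are separate steps, so this confines the path but does not remove a race with another process that can write to the base directory. Looking up the stored file name from a server-side record keyed by document ID avoids handling a client-supplied path at all.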