Submission #702489: MuYuCMS 2.7 Directory Traversal

Title: MuYuCMS 2.7 Directory Traversal
Description: A critical directory traversal vulnerability exists in MuYuCMS version 2.7 within the template management functionality. The vulnerability is located in the tempdel method of the Template.php controller file (application/admin/controller/Template.php). This method is responsible for deleting template directories and files. It constructs a filesystem path by directly concatenating user-controlled parameters 'temn' and 'tp' with the document root and template directory path. The constructed path is then passed to the delete_dir_file() function, which recursively deletes the specified directory and all its contents. The vulnerability arises from the complete lack of input sanitization and path validation. An authenticated attacker can manipulate the 'temn' and 'tp' parameters to include directory traversal sequences (e.g., "../../"), allowing them to escape the intended template directory and target arbitrary directories anywhere on the server filesystem. When exploited, this vulnerability enables attackers to recursively delete critical system directories, leading to complete system compromise, denial of service, privilege escalation, and irreversible data loss. The recursive nature of the delete_dir_file() function significantly amplifies the impact, as entire directory trees can be removed with a single request.
Source: https://gist.github.com/b1uel0n3/275ac353537ecf4c8973d33fa0d5b0fe
User: b1uel0n3 (UID 93016)
Submitted: 2025-11-27 05:18 AM (6 months ago)
Moderation: 2025-12-16 02:18 PM (19 days later)
Status: Accepted
VulDB entry: 336710 [MuYuCMS 2.7 Template Management Page Template.php delete_dir_file temn/tp directory traversal]
Points: 20
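
The missing path validation named in the description, sketched as an added example (not MuYuCMS code and not taken from the linked gist): each parameter is allow-listed, the joined path is canonicalised, and it must stay inside the template root before anything is deleted. The helper name safe_template_path(), the `<root>/<temn>/<tp>` layout, the character allow-list and the temporary sandbox directories are assumptions made for illustration.

```php
<?php
// Added example; safe_template_path() is a hypothetical helper, not part of MuYuCMS.

/**
 * Resolve <templateRoot>/<temn>/<tp> and return the canonical path,
 * or null when the request must be refused. Only a non-null result
 * should ever reach a recursive delete such as delete_dir_file().
 */
function safe_template_path(string $templateRoot, string $temn, string $tp): ?string
{
    $root = realpath($templateRoot);
    if ($root === false) {
        return null;
    }
    // Assumption: template names are plain directory names, so separators,
    // dots and empty values are refused before any path is built.
    foreach ([$temn, $tp] as $segment) {
        if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $segment)) {
            return null;
        }
    }
    // Canonicalise (resolves ".." and symlinks), then require the result to
    // sit strictly below the template root.
    $target = realpath($root . DIRECTORY_SEPARATOR . $temn . DIRECTORY_SEPARATOR . $tp);
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($target === false || strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sandbox: a template tree plus a sibling directory outside it.
$base = sys_get_temp_dir() . '/muyu_demo_' . bin2hex(random_bytes(4));
mkdir("$base/site/template/index/default", 0700, true);
mkdir("$base/site/config", 0700, true);
$root = "$base/site/template";

// Constructed requests: one legitimate, two using traversal sequences.
$requests = [['index', 'default'], ['..', 'config'], ['index', '../../config']];
foreach ($requests as [$temn, $tp]) {
    // Plain concatenation, as the report describes for tempdel.
    $naive = realpath("$root/$temn/$tp");
    $checked = safe_template_path($root, $temn, $tp);
    printf("temn=%s tp=%s\n  concatenated: %s\n  validated:    %s\n",
        $temn, $tp, $naive ?: '(missing)', $checked ?? '(refused)');
}
```

Running it with the PHP CLI prints, for each constructed request, the path plain concatenation resolves to next to the validated result, so the requests that leave the template root are visible alongside the refusal.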
