| Title | DESHANG DSMall <=6.1.0 Arbitrary File Delete |
|---|---|
| Description | The DSMall system, in versions up to and including 6.1.0, contains an Arbitrary File Delete vulnerability within the file 'application/home/controller/MemberAuth.php'. This flaw allows an attacker to manipulate a user's property, such as 'member_areainfo', to specify any file path on the server. By subsequently invoking the 'image_drop' function with the manipulated property as a parameter, the attacker can delete any file on the server, including critical system files. This could potentially allow the attacker to reinstall the website and gain control over the target system. |
| Source | ⚠️ https://note.zhaoj.in/share/DxR7FZsCKJQ1 |
| User | glzjin (UID 59815) |
| Submission | 01/09/2024 11:12 (2 years ago) |
| Moderation | 01/11/2024 11:23 (2 days later) |
| Status | Accepted |
| VulDB entry | 250436 [DeShang DSMall up to 5.0.3 MemberAuth.php file_name path traversal] |
| Points | 20 |