| Title | https://www.ctcms.cn/ CTCMS Content Management System V2.1.2 Arbitrary File Deletion |
|---|
| Description | CTCMS contains an arbitrary file deletion vulnerability in the del() function located in ctcms\apps\controllers\admin\Tpl.php. The function improperly sanitizes user input by stripping .. and //, but this can be bypassed using combinations of ./ and ../. An attacker can craft payloads to traverse outside the intended directory and delete arbitrary files on the server, such as critical configuration files (config.php), sensitive data files, or even core system files like install.lock. Deleting these files can cause the website to crash, force a system reinstallation, expose sensitive information, or even lead to complete system compromise, making this a highly critical vulnerability. |
|---|
| Source | ⚠️ https://github.com/xiaoyangsec/ctcms/blob/main/CTCMS_Arbitrary_File_Deletion_Vulnerability_Authenticated.md |
|---|
| User | xiaoyang (UID 84496) |
|---|
| Submission | 04/28/2025 07:25 (1 Year ago) |
|---|
| Moderation | 05/10/2025 17:25 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 308292 [CTCMS Content Management System 2.1.2 File Tpl.php del path traversal] |
|---|
| Points | 20 |
|---|