| Field | Value |
|---|---|
| Title | GitHub hfly 1.0 Arbitrary file deletion |
| Description | Because the server applies no strict directory restriction or permission verification to file path parameters supplied by users, attackers can perform file operations across directories, or even across drive letters, by constructing special paths (for example with the directory traversal sequence `../`). Attackers can modify request parameters to read or delete sensitive system files, for example `delfile?filename=%2Fconfig%2Fconfig.php`. Core database files can be deleted, causing the website to crash. |
| Source | https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/PHP-based%20travel%20website-CMS/PHP-based%20travel%20website-CMS%20delfile%20filename%20Arbitrary%20file%20delete.md |
| User | webray.com.cn (UID 24778) |
| Submission | 11/28/2025 04:13 (7 months ago) |
| Moderation | 12/11/2025 08:00 (13 days later) |
| Status | Accepted |
| VulDB entry | 335858 [baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c delfile filename path traversal] |
| Points | 20 |
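
A server-side containment check for the missing directory restriction described above, as an added example that is not hfly code and not part of the submission. The function name `resolve_deletable_path`, the `uploads` base directory and the temporary demo files are assumptions constructed for illustration.

```php
<?php
// Added example, not hfly code. resolve_deletable_path() and the directory
// layout below are hypothetical and constructed for the demonstration.

/**
 * Map a user-supplied filename to a real file inside $baseDir, or return null.
 * Authorization (may this user delete this file?) is a separate check that
 * the caller still has to make.
 */
function resolve_deletable_path(string $baseDir, string $userPath): ?string
{
    // Empty values and embedded NUL bytes are never valid file names.
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Always treat the value as relative to the base, even if it starts with "/".
    $candidate = $base . DIRECTORY_SEPARATOR . ltrim($userPath, "/\\");
    // realpath() collapses "../" and follows symlinks; false if the file is missing.
    $real = realpath($candidate);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "uploads-old" does not pass as being inside "uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed layout: one deletable upload and one file that must survive.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'delfile_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/uploads', 0700, true);
mkdir($root . '/config', 0700, true);
file_put_contents($root . '/uploads/a.jpg', 'x');
file_put_contents($root . '/config/config.php', '<?php // constructed');

// The second value is the decoded form of the parameter quoted in the description.
foreach (['a.jpg', '/config/config.php', '../config/config.php'] as $input) {
    $path = resolve_deletable_path($root . '/uploads', $input);
    if ($path !== null) {
        unlink($path);
    }
    printf("%-22s => %s\n", $input, $path === null ? 'rejected' : 'deleted');
}
```

Only `a.jpg` resolves inside the base directory and is removed; both `config.php` requests are rejected before any file operation runs.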