| Title | MuYuCMS 2.7 Directory Traversal |
|---|
| Description | A critical directory traversal vulnerability exists in MuYuCMS version 2.7 within the template management functionality. The vulnerability is located in the tempdel method of the Template.php controller file (application/admin/controller/Template.php).
This method is responsible for deleting template directories and files. It constructs a filesystem path by directly concatenating user-controlled parameters 'temn' and 'tp' with the document root and template directory path. The constructed path is then passed to the delete_dir_file() function, which recursively deletes the specified directory and all its contents.
The vulnerability arises from the complete lack of input sanitization and path validation. An authenticated attacker can manipulate the 'temn' and 'tp' parameters to include directory traversal sequences (e.g., "../../"), allowing them to escape the intended template directory and target arbitrary directories anywhere on the server filesystem.
When exploited, this vulnerability enables attackers to recursively delete critical system directories, leading to complete system compromise, denial of service, privilege escalation, and irreversible data loss. The recursive nature of the delete_dir_file() function significantly amplifies the impact, as entire directory trees can be removed with a single request. |
|---|
| Source | https://gist.github.com/b1uel0n3/275ac353537ecf4c8973d33fa0d5b0fe |
|---|
| User | b1uel0n3 (UID 93016) |
|---|
| Submission | 27/11/2025 05:18 (6 months ago) |
|---|
| Moderation | 16/12/2025 14:18 (19 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 336710 [MuYuCMS 2.7 Template Management Page Template.php delete_dir_file temn/tp directory traversal] |
|---|
| Points | 20 |
|---|
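
The description attributes the flaw to missing validation of 'temn' and 'tp' before the concatenated path reaches delete_dir_file(). The following is an added example of a containment check that could run before such a delete; it is not MuYuCMS code or taken from the submission. The helper name `resolve_template_target`, the allowed-character policy and the sandbox directory layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Resolve a template path from the two request parameters and refuse anything
 * that does not end up strictly inside $templateRoot. Returns the canonical
 * path on success, null on rejection. (Hypothetical helper, not MuYuCMS code.)
 */
function resolve_template_target(string $templateRoot, string $temn, string $tp): ?string
{
    $root = realpath($templateRoot);
    if ($root === false) {
        return null;
    }
    // Assumed policy: each parameter is one plain path component that does not
    // start with a dot, so "..", "/" and "\" can never appear.
    foreach ([$temn, $tp] as $part) {
        if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\z/', $part)) {
            return null;
        }
    }
    // Canonicalise so a symlink pointing outside the root is also caught.
    $target = realpath($root . DIRECTORY_SEPARATOR . $temn . DIRECTORY_SEPARATOR . $tp);
    if ($target === false) {
        return null;
    }
    // Compare with a trailing separator so "/template_x" cannot match root "/template".
    if (strncmp($target, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sandbox so the check can be exercised offline.
$base = sys_get_temp_dir() . '/tpl_demo_' . bin2hex(random_bytes(4));
mkdir($base . '/template/index_html/default', 0700, true);
mkdir($base . '/config', 0700, true);

$cases = [
    ['index_html', 'default'],      // legitimate template
    ['..', 'config'],               // traversal sequence in temn
    ['index_html', '../../config'], // traversal sequence in tp
    ['index_html', 'missing'],      // directory that does not exist
];
foreach ($cases as [$temn, $tp]) {
    $resolved = resolve_template_target($base . '/template', $temn, $tp);
    printf("temn=%-12s tp=%-14s => %s\n", $temn, $tp, $resolved === null ? 'REJECTED' : 'allowed');
}
// Remove the sandbox (deepest directories first).
foreach (['/template/index_html/default', '/template/index_html', '/template', '/config', ''] as $d) {
    rmdir($base . $d);
}
```

Only the canonical path returned by the helper should be handed to a recursive delete, never the raw concatenation of request parameters.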