Exploits / Vulnerability Discovered : 2020-05-11 |
Type : webapps |
Platform : php
This exploit / vulnerability Cutenews 2.1.2 arbitrary file deletion is for educational purposes only and if it is used you will do on your own risk!
Description:
------------------------------------------------------------------------
In the "Media Manager" area, users can do arbitrarily file deletion.
Because the developer did not use the unlink() function as secure. So, can
be triggered this vulnerability by a low user account