Arbitrary File Deletion Vulnerability in PHPSHE 1.7

Arbitrary File Deletion Vulnerability in PHPSHE 1.7

CVE-2018-18485 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:P

An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock.

Learn more about our Web Application Penetration Testing UK.