Arbitrary File Deletion Vulnerability in PHPSHE 1.7
CVE-2018-18485 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:P
An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock.
Learn more about our Web Application Penetration Testing UK.