Arbitrary File Deletion Vulnerability in Wuzhicms by Wuzhicms
CVE-2020-28145

7.5HIGH

Key Information:

Vendor: Wuzhicms
Status: Wuzhicms
Vendor: CVE Published:; 12 October 2021

What is CVE-2020-28145?

An arbitrary file deletion vulnerability exists in Wuzhicms v4.0.1, specifically in the coreframe\app\attachment\admin\index.php component. This flaw allows malicious actors to delete files in the system, which can potentially lead to unauthorized access to sensitive information. The issue can compromise the integrity and confidentiality of the application, making it essential for users to apply patches and enhance their security measures. For more details, refer to the associated issue reports on GitHub and CNVD.

References

https://github.com/wuzhicms/wuzhicms/issues/191

x_refsource_MISC

https://www.cnvd.org.cn/flaw/show/2394661

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 12, 2021
Vulnerability Reserved
Nov 2, 2020