Arbitrary file deletion

2022-03-2516:15:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.7%

JSON

A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms.

CPENameOperatorVersion
tinyshopeq3.1.1

CPE	Name	Operator	Version
	tinyshop	eq	3.1.1

References

tinyrise.com/

tinyrise.com/down.html

imgur.com/dg1DM5T

imgur.com/pA8OWxa