CVE-2018-20127
zzzphp cms 1.5.8 contains a flaw in the del_file function of /admin/save.php that permits remote deletion of arbitrary files via a mixed-case extension and an extra '.' character (e.g., path=F:/1.phP.). Root cause: improper validation of file extensions and path syntax leads to arbitrary file del...