ThinkCMF Arbitrary File Deletion Vulnerability
ThinkCMF is a CMS Content Management System based on ThinkPHP. An arbitrary file deletion vulnerability exists in the 'doavatar' function in the \application\User\Controller\ProfileController.class.php file in ThinkCMF version X2.2.3. An attacker can delete arbitrary files with the help of the...