Design/Logic Flaw

idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data...

CVE-2022-27333

The CVE-2022-27333 issue affects idcCMS v1.10, where an attacker can arbitrarily delete the install.lock file, causing a reset of CMS settings and data. The vulnerability is described consistently across multiple sources as a deletion of install.lock, with no publicly detailed exploit chain beyon...

CVE-2021-34129

LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter...

Directory traversal

statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file...

YzmCMS_v3.6 Arbitrary File Deletion Vulnerability

YzmCMS is a lightweight and open source content management system based on PHP+Mysql architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. YzmCMSv3.6 has an arbitrary file deletion vulnerability. Attackers by cracking the background default account password , construct URL...