yxcms V1.3.9 Arbitrary File Deletion Vulnerability in 'tpdel' Function
YXcms is a website management system based on PHP+MySql with a lightweight MVC design model. The yxcms V1.3.9 'tpdel' function is vulnerable to arbitrary file deletion. Since the function only passes a non-empty judgment on the string Mname fname, as long as the path is correct, arbitrary files c...