CVE-2018-13025

protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter...

CVE-2018-13025

protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter...

yxcms1.2.9任意文件删除漏洞

yxcms1.2.9版本存在任意文件删除漏洞。漏洞文件：/protected/apps/member/controller/photocontroller.php添加图集时直接获取图片列表，然后进行入库，对图集进行删除时未对删除图片的路径进行任何过滤，如果文件路径存在，就将上传的文件列表进行遍历删除，在类的初始化有个$this-uploadpath=ROOTPATH.'upload/photos/';，可以在上传时将上传路径设置为../../protected/apps/install/install.lock，进行删除时，由于判断该文件存在，所以会被删除，删除install.lock可...