Description The plugin does not properly validate files to be deleted in the qcld_openai_delete_training_file function, allowing users with roles as low as subscriber to delete arbitrary files on the server. This vulnerability is the same as CVE-2023-5212 but was accidentally reintroduced in version 4.9.2.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 4.9.3 |