An issue exists in PHPSHE 1.7. admin.php?mod=db&act=del allows remote malicious users to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpshe phpshe 1.7 |