www.yuyue-cms.com
yuyuecms version 1.2
Vulnerability in the delete method of the Administrator / controller index
See the isPost static method of catfishcmsCatfish.
The static method is called for verification.
If it returns true, the SQL is executed, then the session returns.
deletefile method
isDataPath method
You can see that the function only checks whether $path 0,5 == data/ (the first five characters of the path); it does not replace ../../
So the vulnerability lets us delete a file outside the data directory by constructing the path data/../../filename
PoC: the input path data/../../filename passed to delfile
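The prefix-only check described above, next to a check that resolves the path before deciding, as an added example (not yuyuecms source code). The function names isDataPathPrefixOnly and isInsideDataRoot, the directory layout and the file names are assumptions constructed for this example.

```php
<?php
// Added example: hypothetical names, constructed sandbox; not the project's code.

// Check as the page describes it: only the first 5 characters are compared.
function isDataPathPrefixOnly(string $path): bool
{
    return substr($path, 0, 5) === 'data/';
}

// Hardened check: resolve ../ and symlinks first, then require that the
// result is a regular file located under <appRoot>/data.
function isInsideDataRoot(string $appRoot, string $path): bool
{
    $base = realpath($appRoot . DIRECTORY_SEPARATOR . 'data');
    $real = realpath($appRoot . DIRECTORY_SEPARATOR . $path); // false if missing
    if ($base === false || $real === false || !is_file($real)) {
        return false;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0;
}

// Constructed sandbox: <tmp>/app/data/upload.txt is inside the data
// directory, <tmp>/outside.txt is two levels above it.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'datapath_' . bin2hex(random_bytes(4));
$appRoot = $tmp . DIRECTORY_SEPARATOR . 'app';
mkdir($appRoot . DIRECTORY_SEPARATOR . 'data', 0700, true);
file_put_contents($appRoot . '/data/upload.txt', 'inside');
file_put_contents($tmp . '/outside.txt', 'outside');

foreach (['data/upload.txt', 'data/../../outside.txt', 'data/missing.txt'] as $p) {
    printf(
        "%-24s prefix-only=%-5s resolved=%s\n",
        $p,
        var_export(isDataPathPrefixOnly($p), true),
        var_export(isInsideDataRoot($appRoot, $p), true)
    );
}

// Remove the sandbox.
unlink($appRoot . '/data/upload.txt');
unlink($tmp . '/outside.txt');
rmdir($appRoot . '/data');
rmdir($appRoot);
rmdir($tmp);
```

All three paths pass the prefix-only check, but only data/upload.txt passes the resolved check, so a delete guarded by it cannot leave the data directory.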