Baowzh Hfly Path Traversal Vulnerability in the delfile Function
Vulnerability
A path traversal vulnerability has been identified in Baowzh Hfly versions up to commit 638ff9abe9078bc977c132b37acbe1900b63491c. The affected code is in the file /admin/index.php/datafile/delfile (the specific function has not been identified), where the filename argument is not properly validated before it is used to build a file path, allowing directory traversal. This vulnerability can be exploited remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for arbitrary file deletion, which can lead to application crashes by removing critical system files, such as core database files.
Reproduction
To reproduce this vulnerability, send a request to the /admin/index.php/datafile/delfile endpoint with a filename parameter that contains directory traversal sequences. Because the parameter is used in path resolution without validation, the resulting path escapes the intended directory. Combined with the absence of proper permission checks, this permits deletion of sensitive files and disrupts the application.
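The following is an added illustration, not code from Baowzh Hfly, showing the vulnerable deletion pattern the advisory describes beside a hardened version. The data directory, parameter handling and function names are assumptions; the real handler's structure is not known.

```php
<?php
// Illustrative example (not the project's own code) of the delfile pattern.
// DATA_DIR is an assumed location of user-managed data files.
const DATA_DIR = '/var/www/app/data';

// Vulnerable pattern: the request's filename is joined to the data directory
// and passed to unlink() unchecked, so "../" sequences escape DATA_DIR.
function delfile_unsafe(string $filename): bool
{
    $path = DATA_DIR . '/' . $filename;
    return file_exists($path) && unlink($path);
}

// Hardened version. An authorization check for the admin session must run
// before this is ever reached; the advisory notes that check is also missing.
function delfile_safe(string $filename): bool
{
    // 1. Only a bare file name is legitimate here: no separators, no dot names.
    if ($filename === '' || $filename !== basename($filename)
        || $filename === '.' || $filename === '..') {
        return false;
    }
    // 2. Canonicalise both sides; realpath() resolves symlinks and "..".
    $base = realpath(DATA_DIR);
    $path = realpath(DATA_DIR . '/' . $filename);
    if ($base === false || $path === false) {
        return false; // target does not exist or DATA_DIR is misconfigured
    }
    // 3. Containment: the canonical target must sit directly under DATA_DIR.
    if (dirname($path) !== $base) {
        return false; // symlink or traversal resolved outside DATA_DIR
    }
    // 4. Regular files only, never directories or special files.
    if (!is_file($path)) {
        return false;
    }
    return unlink($path);
}

// A traversal attempt is refused at step 1 because it contains a separator.
var_dump(delfile_safe('../../config/database.php')); // bool(false)
```

The containment check in step 3 is what defeats traversal even when a later code change reintroduces path separators, since realpath() is compared against the canonical base rather than the raw string.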
