CMSEasy
cpe:2.3:a:cmseasy:cmseasy:*:*:*:*:*:*:*
- <= 7.7.8.0
A vulnerability allowing arbitrary file deletion has been identified in CMSEasy versions up to and including 7.7.8.0. The issue resides in the database_admin.php file within the administration panel. It is caused by inadequate input sanitization, which lets attackers manipulate file paths and delete arbitrary files from the server.
Exploitation of this vulnerability leads to unauthorized deletion of files on the server, which can disrupt normal operations and cause data loss.
To reproduce this vulnerability, access the database administration interface and invoke the 'backAll' action. Submit a POST request whose 'select' parameter contains a crafted file path that exploits directory traversal, such as '.....///1.txt'. The sanitization step reduces this payload to '../1.txt', bypassing the intended protection and allowing deletion of the specified file. Once the request is processed, the targeted file is removed from the server.
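As an added, defensive example (not CMSEasy's own code): a PHP check for a delete-backup action that canonicalises the requested name and verifies it stays inside the backup directory, instead of stripping '../' tokens from the input. The function name safe_backup_path(), the variable $backupDir and the temporary demo files are assumptions made for this illustration.

```php
<?php
// Added example, not CMSEasy's code. Hypothetical helper safe_backup_path().
declare(strict_types=1);

/**
 * Return the absolute path of $userSelect inside $backupDir, or null if the
 * request must be refused. Relies on canonicalisation plus a containment
 * check, so collapsed traversal sequences (e.g. '....//' -> '../') that
 * survive a token-stripping filter are still rejected.
 */
function safe_backup_path(string $backupDir, string $userSelect): ?string
{
    // Layer 1: a backup selection is a bare file name. Any path separator
    // or NUL byte means the value was never a legitimate selection.
    if ($userSelect === '' || strpbrk($userSelect, "/\\\0") !== false) {
        return null;
    }
    $base = realpath($backupDir);
    if ($base === false) {
        return null;
    }
    // Layer 2: realpath() resolves '.', '..' and symlinks and returns false
    // when the target does not exist; for a delete action that is a refusal.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userSelect);
    if ($target === false) {
        return null;
    }
    // Layer 3: the canonical target must sit directly under the backup dir.
    if (dirname($target) !== $base) {
        return null;
    }
    return $target;
}

// Demonstration on constructed inputs in a throwaway temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'backup_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/site.sql', 'constructed backup');
$outside = sys_get_temp_dir() . '/1.txt';
file_put_contents($outside, 'constructed file outside the backup directory');

foreach (['site.sql', '.....///1.txt', '../1.txt', 'site.sql/../../1.txt'] as $sel) {
    $result = safe_backup_path($dir, $sel);
    echo str_pad(var_export($sel, true), 26) . ' => '
        . ($result === null ? 'refused' : 'deletable: ' . $result) . PHP_EOL;
}

unlink($dir . '/site.sql'); rmdir($dir); unlink($outside);
```

Only the first selection resolves to a file directly under the backup directory; the advisory's payload and the other traversal forms are refused before any unlink() call.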