yanyutao0402 ChanCMS Path Traversal Vulnerability in File Deletion Function

A critical path traversal vulnerability has been identified in yanyutao0402 ChanCMS versions through 3.1.2. The issue arises in the 'delfile' function within 'app/extend/utils.js', where the deletion process lacks proper validation of user-supplied file paths. This oversight enables remote attackers to delete arbitrary system files.

Impact

Exploitation of this vulnerability allows for the arbitrary deletion of system files, which could lead to significant disruption or damage to the system's integrity and functionality.

Reproduction

The vulnerability can be reproduced by sending a request to the '/article/delfile' endpoint with a crafted 'url' query parameter that includes a path traversal sequence. This request can be made using a web browser or a tool like curl.

Remediation

Users are advised to upgrade to ChanCMS version 3.1.3, which addresses this vulnerability by implementing necessary security checks on file deletion requests.