rawchen sims
cpe:2.3:a:sims_project:sims:*:*:*:*:*:*:*
- <= 004f783b1db5ecdfad81c8fdc3b34171211112de
A path traversal vulnerability has been identified in Rawchen Sims versions up to 004f783b1db5ecdfad81c8fdc3b34171211112de. The issue resides in the DeleteFileServlet endpoint, specifically within the file DeleteFileServlet.java. This vulnerability allows remote attackers to manipulate the filename parameter, potentially leading to unauthorized deletion of critical server files. Such actions could result in system disruption, data loss, or a complete failure of the service.
Exploitation of this vulnerability allows for unauthorized arbitrary file deletion, which could lead to critical server file loss, causing system paralysis, data loss, or complete service failure.
To reproduce this vulnerability, send a GET request to the DeleteFileServlet endpoint with a crafted filename parameter that includes path traversal sequences. The server will process the request without proper permission checks or input validation, allowing the deletion of arbitrary files on the server.
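The input validation this entry says is missing can be sketched as follows. This is an added example, not code from the Sims repository: the class name `SafeDelete`, the helper `resolveInside` and the `uploads` directory are assumptions, and the sample file names are constructed in a temporary sandbox.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example: hypothetical helper, not the project's own code.
public final class SafeDelete {

    /** Resolve a user-supplied name against baseDir, rejecting anything that escapes it. */
    static Path resolveInside(Path baseDir, String filename) throws IOException {
        if (filename == null || filename.isEmpty() || filename.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("empty or malformed filename");
        }
        Path base = baseDir.toRealPath();                     // canonical form, symlinks resolved
        Path candidate = base.resolve(filename).normalize();  // collapses "." and ".." segments
        // startsWith compares whole path components, so /uploads-x does not match /uploads.
        if (!candidate.startsWith(base) || candidate.equals(base)) {
            throw new SecurityException("filename escapes the upload directory");
        }
        // Resolve symlinks on the target too, so a link inside base cannot point outside it.
        Path real = candidate.toRealPath();                   // throws if the file does not exist
        if (!real.startsWith(base) || !Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file inside the upload directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sandbox: one file inside the allowed directory, one outside it.
        Path root = Files.createTempDirectory("sims-demo");
        Path uploads = Files.createDirectory(root.resolve("uploads"));
        Files.createFile(uploads.resolve("report.txt"));
        Path outside = Files.createFile(root.resolve("outside.conf"));

        String[] names = { "report.txt", "../outside.conf", outside.toString(), "a/../../outside.conf" };
        for (String name : names) {
            try {
                Files.delete(resolveInside(uploads, name));
                System.out.println("deleted  " + name);
            } catch (SecurityException | IllegalArgumentException | IOException e) {
                System.out.println("rejected " + name + " (" + e.getClass().getSimpleName() + ")");
            }
        }
        System.out.println("outside.conf still exists: " + Files.exists(outside));
    }
}
```

Path confinement addresses only the input validation half of the finding; the servlet also needs an authorization check on the caller before any delete is attempted.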