CVE-2018-5259

Name of the Vulnerable Software and Affected Versions DiscuzX version X3.4

Description The issue allows remote authenticated users to bypass intended attachment-deletion restrictions. This is achieved by modifying the aid parameter.

Recommendations For version X3.4, consider restricting access to the attachment deletion functionality until a patch is available. As a temporary workaround, avoid using the modified aid parameter to minimize the risk of exploitation.