H1B1Ki

**Name of the Vulnerable Software and Affected Versions** BaiCloud-cms version 2.5.7 **Description** The issue allows an attacker to delete arbitrary files on the server through the "/user/ppsave.php" API endpoint. This is an arbitrary file deletion vulnerability. **Recommendations** For BaiCloud-cms version 2.5.7, consider restricting access to the "/user/ppsave.php" API endpoint until a patch is available. As a temporary workaround, disabling the functionality associated with this endpoint may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.