H9Dawn

Name of the Vulnerable Software and Affected Versions: AppCMS version 2.0.101 Description: The issue allows attackers to delete arbitrary files on the site due to an arbitrary file deletion vulnerability in /admin/app.php. Recommendations: For AppCMS version 2.0.101, as a temporary workaround, consider restricting access to the /admin/app.php endpoint until a patch is available. Avoid using the vulnerable functionality in /admin/app.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: AppCMS version 2.0.101 Description: The issue allows attackers to delete arbitrary files on the site due to an arbitrary file deletion vulnerability in /admin/info.php. Recommendations: For AppCMS version 2.0.101, consider restricting access to the /admin/info.php endpoint until a patch is available. As a temporary workaround, limit the ability to delete files on the site to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: AppCMS version 2.0.101 Description: The issue allows an attacker to perform a cross-site scripting attack, potentially obtaining sensitive information of other users. This is related to the `/admin/template/tpl app.php` file. Recommendations: For AppCMS version 2.0.101, consider restricting access to the `/admin/template/tpl app.php` file until a patch is available. As a temporary workaround, avoid using the `tpl app.php` template to minimize the risk of exploitation.