Huahuatest001

#51840 of 53,632
4.3 Total CVSS
Vulnerabilities · 1
PT-2021-11200
4.3
2021-10-29
Rkcms · Rkcms · CVE-2020-25881
Name of the Vulnerable Software and Affected Versions: RKCMS version master

Description: A vulnerability was discovered in the `filename` parameter of the "pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg" endpoint of RKCMS. This issue allows an attacker to perform a directory traversal via a crafted .txt file.

Recommendations: For the master version of RKCMS, consider restricting access to the `filename` parameter in the affected endpoint until a patch is available. As a temporary workaround, avoid using the `filename` parameter with untrusted input to minimize the risk of exploitation.