Niiiiko

**Name of the Vulnerable Software and Affected Versions** svnWebUI version 1.8.3 **Description** The issue allows attackers to delete arbitrary files by sending a crafted POST request. This is achieved via the `dirTemps` parameter under the `com.cym.controller.UserController#importOver` function. **Recommendations** For svnWebUI version 1.8.3, consider restricting access to the `com.cym.controller.UserController#importOver` function until a patch is available. As a temporary workaround, avoid using the `dirTemps` parameter in the affected API endpoint to minimize the risk of exploitation.