Viivyao

Name of the Vulnerable Software and Affected Versions: LaikeTui version 3.5.0 Description: The issue allows remote authenticated users to delete arbitrary files. This can be achieved through directory traversal in the `uploadImg`, `oldpic`, or `imgurl` parameter, as demonstrated by deleting `install.lock` to enable reinstallation of the product in a manner controlled by the attacker. Recommendations: For LaikeTui version 3.5.0, consider restricting access to the `uploadImg`, `oldpic`, and `imgurl` parameters to prevent directory traversal attacks until a patch is available. As a temporary workaround, limit the ability of authenticated users to delete files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LaikeTui version 3.5.0 **Description** The issue allows remote authenticated users to execute arbitrary PHP code by uploading a ZIP archive containing a .php file. This can be achieved by using the "index.php?module=system&action=pay" endpoint to upload the malicious ZIP archive. For example, using the ../../../../phpinfo.php pathname. The vulnerability exists due to insufficient input validation in the ZIP Archive Handler component. **Recommendations** For LaikeTui version 3.5.0, consider disabling the `module=system&action=pay` functionality in the "index.php" endpoint until a patch is available to prevent the upload of malicious ZIP archives. Restrict access to the ZIP Archive Handler component to minimize the risk of exploitation. Avoid using the `module` and `action` parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.