Yihanjinchangtai

**Name of the Vulnerable Software and Affected Versions** BlueCMS version 1.6 **Description** The issue allows for Arbitrary File Deletion through the `file name` parameter in an "/admin/database.php?act=del" request. This flaw can be exploited to delete files arbitrarily. **Recommendations** For BlueCMS version 1.6, as a temporary workaround, consider restricting access to the "/admin/database.php" endpoint or disabling the `file name` parameter in the request until a patch is available. Avoid using the `file name` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.