CVE-2018-17837

Name of the Vulnerable Software and Affected Versions JTBC(PHP) version 3.0.1.6

Description An issue allows arbitrary file deletion. This can be achieved via the /console/file/manage.php API endpoint with specific parameters, including type, action, and path. For instance, using the path parameter with a value like c%3A%2F can lead to file deletion.

Recommendations For JTBC(PHP) version 3.0.1.6, as a temporary workaround, consider restricting access to the /console/file/manage.php API endpoint until a patch is available. Avoid using the path parameter in this endpoint to minimize the risk of exploitation.