CVE-2018-18626

Name of the Vulnerable Software and Affected Versions PHPYun version 4.6

Description A security issue was found in PHPYun, where a vulnerability allows the deletion of any file or directory. This is possible due to the mishandling of the sql parameter by the del action() function in the admin/model/database.class.php file, specifically when accessing the "admin/index.php?m=database&c=del" endpoint.

Recommendations For PHPYun version 4.6, as a temporary workaround, consider restricting access to the "admin/index.php?m=database&c=del" endpoint until a patch is available. Additionally, avoid using the sql parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.