CVE-2018-19228

Name of the Vulnerable Software and Affected Versions LAOBANCMS version 2.0

Description An issue in LAOBANCMS allows arbitrary file deletion via directory traversal in the "admin/pic.php" endpoint, specifically using the del parameter. This can be exploited to delete sensitive files, such as "install/install.txt", which could permit a reinstallation of the system.

Recommendations For LAOBANCMS version 2.0, consider restricting access to the "admin/pic.php" endpoint and the del parameter to prevent arbitrary file deletion until a patch is available. As a temporary workaround, avoid using the del parameter in the "admin/pic.php" endpoint to minimize the risk of exploitation.