CVE-2020-24930

Name of the Vulnerable Software and Affected Versions: Wuzhi CMS version 4.0.1

Description: The Wuzhi CMS backend in a .php file has an arbitrary file deletion issue. Attackers can exploit this to delete arbitrary files.

Recommendations: For Wuzhi CMS version 4.0.1, consider restricting access to the vulnerable .php file in the backend until a patch is available. As a temporary workaround, monitor file system changes closely to detect potential unauthorized file deletions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.