CVE-2021-41729

Name of the Vulnerable Software and Affected Versions BaiCloud-cms version 2.5.7

Description The issue allows an attacker to delete arbitrary files on the server through the "/user/ppsave.php" API endpoint. This is an arbitrary file deletion vulnerability.

Recommendations For BaiCloud-cms version 2.5.7, consider restricting access to the "/user/ppsave.php" API endpoint until a patch is available. As a temporary workaround, disabling the functionality associated with this endpoint may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.