PT-2021-3843 · Php+1
Faisalfs10X · Published 2021-07-20 · Updated 2021-08-09
CVE-2021-37144
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CSZ CMS version 1.2.9
Description
The issue is related to the unlink() function in PHP, which can lead to Arbitrary File Deletion when user input affects the path of the file to remove without sufficient sanitization. This can allow a remote attacker to delete arbitrary files. The problem is also associated with resource release errors in the content management system.
Recommendations
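One way to keep a user-influenced path from reaching unlink() outside an intended directory, shown as an added example that is not CSZ CMS code or a vendor patch. The function name `safe_delete()`, the `uploads` directory and the sample files are hypothetical and constructed for the illustration.

```php
<?php
// Added illustration, not CSZ CMS code. safe_delete() and the directory
// layout below are hypothetical names chosen for this example.

/**
 * Delete $name only if it resolves to a regular file inside $baseDir.
 * Returns true when the file was removed, false when the request is refused.
 */
function safe_delete(string $baseDir, string $name): bool
{
    $base = realpath($baseDir);
    if ($base === false || $name === '' || strpos($name, "\0") !== false) {
        return false;
    }

    // realpath() collapses "..", "." and symlinks, and fails for missing files.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return false;
    }

    // The trailing separator stops "/uploads_old" from matching "/uploads".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }

    return unlink($target);
}

// Constructed demo data in a throwaway temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'unlink_demo_' . bin2hex(random_bytes(4));
mkdir($root . DIRECTORY_SEPARATOR . 'uploads', 0700, true);
file_put_contents("$root/uploads/avatar.png", 'constructed');
file_put_contents("$root/config.php", 'constructed');

// A name inside the allowed directory, then one that climbs out of it.
var_dump(safe_delete("$root/uploads", 'avatar.png'));
var_dump(safe_delete("$root/uploads", '../config.php'));
var_dump(file_exists("$root/config.php"));

// Clean up the demo tree.
unlink("$root/config.php");
rmdir("$root/uploads");
rmdir($root);
```

The path check and the unlink() call are separate steps, so the base directory should not be writable by untrusted users who could swap a path component between them.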
For CSZ CMS version 1.2.9, as a temporary workaround, consider restricting access to the unlink() function until a patch is available. Additionally, ensure that all user input is properly sanitized to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Resource Release
Related Identifiers
Affected Products
Csz Cms
Php