CVE-2022-28527

Name of the Vulnerable Software and Affected Versions dhcms version 20170919

Description The issue allows for arbitrary folder deletion via the /admin.php?r=admin/AdminBackup/del API endpoint. This could potentially lead to data loss or disruption of service. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For dhcms version 20170919, as a temporary workaround, consider restricting access to the /admin.php?r=admin/AdminBackup/del API endpoint until a patch is available. Avoid using the del parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.