CVE-2022-30381

Name of the Vulnerable Software and Affected Versions Merchandise Online Store version 1.0

Description The issue allows for file deletion via the /vloggers merch/classes/Master.php?f=delete img API endpoint. This endpoint is vulnerable to file deletion attacks, potentially allowing unauthorized access to modify or delete files.

Recommendations For Merchandise Online Store version 1.0, consider restricting access to the /vloggers merch/classes/Master.php API endpoint, specifically the f=delete img parameter, to prevent unauthorized file deletion until a patch is available. As a temporary workaround, disabling the delete functionality in the Master.php file could help mitigate the risk of exploitation.