CVE-2020-21862

Name of the Vulnerable Software and Affected Versions DuxCMS version 2.1

Description A directory traversal issue allows attackers to delete arbitrary files via the /admin/AdminBackup/del API endpoint. This enables attackers to potentially disrupt system functionality or destroy sensitive data.

Recommendations For DuxCMS version 2.1, as a temporary workaround, consider restricting access to the /admin/AdminBackup/del API endpoint until a patch is available. Additionally, avoid using the delete functionality in the AdminBackup module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.