CVE-2021-36425

Name of the Vulnerable Software and Affected Versions phpcms version 1.9.25

Description The issue allows remote attackers to delete arbitrary files due to a directory traversal vulnerability. This is achieved by exploiting an unfiltered file parameter in the unlink method within the include/inc act/act ftptakeover.php file.

Recommendations For phpcms version 1.9.25, consider restricting access to the unlink method in the include/inc act/act ftptakeover.php file to prevent arbitrary file deletion. Additionally, filtering the file parameter can help mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.