CVE-2023-33604

Name of the Vulnerable Software and Affected Versions Imperial CMS version 7.5

Description The issue allows for arbitrary file deletion via the DelspReFile function in the /sp/ListSp.php API endpoint. Attackers can exploit this by sending a crafted POST request to the vulnerable endpoint.

Recommendations For Imperial CMS version 7.5, consider disabling the DelspReFile function in the /sp/ListSp.php endpoint until a patch is available to prevent exploitation. Restrict access to the /sp/ListSp.php endpoint to minimize the risk of arbitrary file deletion. Avoid using the vulnerable function to handle file operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.