CVE-2024-45894

Name of the Vulnerable Software and Affected Versions BlueCMS version 1.6

Description The issue allows for Arbitrary File Deletion through the file name parameter in an "/admin/database.php?act=del" request. This flaw can be exploited to delete files arbitrarily.

Recommendations For BlueCMS version 1.6, as a temporary workaround, consider restricting access to the "/admin/database.php" endpoint or disabling the file name parameter in the request until a patch is available. Avoid using the file name parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.