CVE-2026-7024

Name of the Vulnerable Software and Affected Versions rawchen sims versions prior to 004f783b1db5ecdfad81c8fdc3b34171211112de

Description A path traversal flaw exists in the 'deleteFileServlet' endpoint within the file sims-master/src/web/servlet/file/DeleteFileServlet.java. A remote attacker can exploit this by manipulating the filename argument. Path traversal is a technique that allows an attacker to access files and directories that are stored outside the web root folder by manipulating variables that reference files with dot-dot-slash (../) sequences.

Recommendations Update to a version later than 004f783b1db5ecdfad81c8fdc3b34171211112de. As a temporary workaround, restrict access to the 'deleteFileServlet' endpoint or avoid using the filename parameter until a patch is applied.