2018-08-30 05:00:00
mitre
PUBLISHED
ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in applicationUserControllerProfileController.class.php via an imgurl parameter with a .. sequence. A member user can delete any file on a Windows server.