Arbitrary file deletion

Description

This script is possibly vulnerable to arbitrary file deletion.

This issue allows an attacker to influence calls to the 'unlink()' function and delete arbitrary files. Due to a lack of input validation, an attacker can supply directory traversal sequences followed by an arbitrary file name to delete specific files.

ShareShare on FacebookTweet about this on TwitterShare on Google+

Impact
This vulnerability allows attackers to delete arbitrary files.

Recommendation
Your script should filter metacharacters from user input.

References
Acunetix Directory Traversal Attacks