This script is possibly vulnerable to arbitrary file deletion.
This issue allows an attacker to influence calls to the 'unlink()' function and delete arbitrary files. Due to a lack of input validation, an attacker can supply directory traversal sequences followed by an arbitrary file name to delete specific files.
- Your script should filter metacharacters from user input.
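
The following PHP sketch is an added example, not code from the original page. It shows the pattern described above next to one way to validate the file name before it reaches `unlink()`. The function names `resolveDeletable` and `deleteUpload`, the allow-list pattern, and the temporary directory are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern described above (shown only as a comment):
//   unlink($uploadDir . '/' . $_GET['file']);   // "../" sequences escape $uploadDir

/** Hypothetical helper: map a user-supplied name to a file inside $baseDir, or null. */
function resolveDeletable(string $baseDir, string $userName): ?string
{
    // Allow-list: plain file names only. Rejects "/", "\", NUL bytes and leading dots.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,127}\z/', $userName)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    // realpath() resolves symlinks and ".." and returns false for missing paths.
    $target = realpath($base . $userName);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Containment check: the resolved path must still sit under the base directory.
    return strncmp($target, $base, strlen($base)) === 0 ? $target : null;
}

/** Hypothetical wrapper: delete only validated paths and log everything else. */
function deleteUpload(string $baseDir, string $userName): bool
{
    $path = resolveDeletable($baseDir, $userName);
    if ($path === null) {
        error_log('rejected delete request: ' . json_encode($userName));
        return false;
    }
    return unlink($path);
}

// Constructed demo: a temporary directory stands in for the upload folder.
$dir = sys_get_temp_dir() . '/del_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/report.txt", 'x');
foreach (['report.txt', '../../etc/passwd', "report.txt\0.jpg", 'missing.txt'] as $name) {
    printf("%-26s => %s\n", json_encode($name), deleteUpload($dir, $name) ? 'deleted' : 'rejected');
}
rmdir($dir);
```

Only the first constructed input is deleted. The check does not close the race between validation and `unlink()`, so the directory should not be writable by untrusted users.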