Description
This script is vulnerable to arbitrary file deletion.
This issue allows an attacker to influence calls to the 'unlink()' function and delete arbitrary files. Due to a lack of input validation, an attacker can supply directory traversal sequences followed by an arbitrary file name to delete specific files.
Remediation
Your script should filter metacharacters from user input.
References
Related Vulnerabilities
Lucee Server Arbitrary File Creation
Squid Improper Input Validation Vulnerability (CVE-2014-0128)
Jenkins Improper Input Validation Vulnerability (CVE-2017-1000394)
Joomla Improper Input Validation Vulnerability (CVE-2013-3242)
Telerik Web UI Improper Input Validation Vulnerability (CVE-2017-11357)