[原文]Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php.
SitePanel2 5.php id Variable Traversal Arbitrary File Deletion
Remote / Network Access
Denial of Service,
Loss of Availability
SitePanel2 contains a flaw that may allow a remote attacker to delete arbitrary files. The issue is due to the 5.php script not properly sanitizing input passed to the 'id' variable. By specifying arbitrary files to this script, the system will delete the file without proper authentication.
Even if the server runs as user 'nobody', this can be used to delete arbitrary attachments.
Upgrade to version 18.104.22.168 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.