Headline
CVE-2020-24930: wuzhicms v4.1.0 Any file deletion vulnerability exists in the background · Issue #191 · wuzhicms/wuzhicms
Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files.
Related news
ECOA Building Automation System Cross-Site Request Forgery
The Building Automation System / SmartHome allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. These actions can be exploited to perform any CRUD operation like user creation, alarm shutdown and account password change with administrative privileges if a logged-in user visits a malicious web site.