Impact

This bug exists in the backup system where it is possible to delete old backup files. Passing a new base64 encoded string specifying another file on the file system will lead to the file being deleted. This means that potentially any file (with write privileges) by the webserver can be deleted. In many systems, this can also lead to the deletion of files outside the webroot.

NOTE: This vulnerability is only possible to exploit by admin user accounts with super or maintenance roles.

References

https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion

For more information

Please contact contact@pentest.co.uk