野草weedcmsV5.2.1 任意删除文件漏洞

2025.04.26

    member.php
    if($action=='edit_member_ok'){ //member.php?action=edit_member_ok
    check_request(); //检查来路
    if(!check_login()){ //检测是否登录会员
    message(array('text'=>$language['please_login'],'link'=>'member.php'));
    }
    ...省略一堆无关东西
    $member_photo_delete=empty($_POST['member_photo_delete'])?'':trim($_POST['member_photo_delete']);
    ..继续省略一堆无关东西
    if(!empty($member_photo_delete)){
    @unlink(ROOT_PATH."/uploads/".$member_photo_delete);
    //直接删除了