What the vulnerability does
Description
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site versions <= 7.4.8.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Paid Videochat Turnkey Site versions up to 7.4.8 contain a path traversal vulnerability that allows authenticated users to read, write, or delete arbitrary files on the server. An attacker with low-level account access can bypass directory restrictions and access sensitive files outside the intended application directories. This can lead to complete compromise of the site's data and functionality.
What an attacker can do
Read, write, or delete arbitrary files on the server outside the application's intended directories.
Potential impact on your site
Attackers with basic user accounts can access sensitive configuration files, database credentials, or modify core application files.
Conditions required to exploit
Attacker must have a low-privilege user account on the site; no special user interaction required.