Heyyy! The endpoint "/tcdrop/deleteCachedFile" is vulnerable to arbitrary file deletion attacks. The deletion relies on user-supplied input via the "file" parameter. There is no validation of the input, and if a user supplies a payload like this file=../../../../../../../../../../../tmp/abc4.txt, it can technically delete any file given whatever access rights it has.
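
An added example, not part of the original report and not the application's own code: one way a delete handler could validate the "file" parameter before removing anything, written in Python because the report does not state the server's language. The function names, the cache directory layout and the sandbox files in `demo()` are assumptions constructed for illustration.

```python
import os
import tempfile

class UnsafePath(ValueError):
    """The requested name does not resolve to a file inside the cache directory."""

def naive_target(cache_dir, file_param):
    # Path an unvalidated handler ends up deleting: "../" segments are honoured.
    return os.path.normpath(os.path.join(cache_dir, file_param))

def resolve_cached_file(cache_dir, file_param):
    """Return the real path of file_param only if it is a regular file under cache_dir."""
    if not file_param or "\x00" in file_param:
        raise UnsafePath("empty or malformed file name")
    root = os.path.realpath(cache_dir)
    # realpath collapses "../" and follows symlinks before the containment check.
    candidate = os.path.realpath(os.path.join(root, file_param))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise UnsafePath(f"{file_param!r} resolves outside the cache directory")
    if not os.path.isfile(candidate):
        raise UnsafePath("not a regular file in the cache")
    return candidate

def delete_cached_file(cache_dir, file_param):
    os.remove(resolve_cached_file(cache_dir, file_param))

def demo():
    # Constructed sandbox: a cache directory and a file outside it that
    # stands in for the /tmp/abc4.txt target named in the report.
    with tempfile.TemporaryDirectory() as base:
        cache = os.path.join(base, "cache")
        os.mkdir(cache)
        inside = os.path.join(cache, "upload.bin")
        outside = os.path.join(base, "abc4.txt")
        for path in (inside, outside):
            open(path, "w").close()
        result = {"naive_escapes": naive_target(cache, "../abc4.txt") == os.path.normpath(outside)}
        try:
            delete_cached_file(cache, "../abc4.txt")
            result["blocked"] = False
        except UnsafePath:
            result["blocked"] = True
        result["outside_intact"] = os.path.exists(outside)
        delete_cached_file(cache, "upload.bin")
        result["legit_deleted"] = not os.path.exists(inside)
        return result

if __name__ == "__main__":
    print(demo())
```
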