Arbitrary File Deletion - Vulnerability Database

Arbitrary File Deletion

Description

The application is vulnerable to arbitrary file deletion through insufficient input validation of file path parameters. When user-supplied input is passed directly to file deletion functions (such as unlink()) without proper sanitization, attackers can exploit directory traversal sequences (e.g., ../) to navigate the file system and delete files outside the intended directory. This occurs when the application fails to validate or restrict file paths before performing deletion operations.

Remediation

Implement strict input validation and secure file handling practices to prevent arbitrary file deletion:

1. Validate and sanitize all user input: Use allowlists to restrict file names to expected patterns and reject any input containing directory traversal sequences (../, ..\)

2. Use absolute paths and canonicalization: Convert all file paths to their canonical form and verify they remain within the intended directory

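// PHP Example
$base_dir = realpath('/var/www/uploads'); // Canonical base directory (symlinks resolved)
$input    = $_POST['file'] ?? '';
if ($base_dir === false || !is_string($input) || $input === '') {
    throw new Exception('Invalid file path');
}
$filename  = basename($input); // Remove path components
$full_path = realpath($base_dir . DIRECTORY_SEPARATOR . $filename);

// Verify the resolved path is a regular file within the allowed directory
if ($full_path !== false
    && strpos($full_path, $base_dir . DIRECTORY_SEPARATOR) === 0
    && is_file($full_path)) {
    unlink($full_path);
} else {
    // Reject invalid path
    throw new Exception('Invalid file path');
}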

3. Implement access controls: Restrict file deletion operations to authenticated users with appropriate permissions

4. Use indirect object references: Instead of accepting file names directly, use database IDs or tokens that map to authorized files

5. Log deletion operations: Maintain audit logs of all file deletion attempts for security monitoring
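
Items 3 to 5 combined with the checks from items 1 and 2, as an added example (not from the original page): the request carries only a numeric ID, which is mapped to a stored file name after an ownership check, and every attempt is written to the log. The FILES array, the delete_upload() helper and the user names are hypothetical stand-ins for the application's database and session.

```php
<?php
declare(strict_types=1);
// Constructed sample records standing in for a database table (ID => owner, stored name).
const FILES = [
    101 => ['owner' => 'alice', 'stored_name' => 'a3f9c2.pdf'],
    102 => ['owner' => 'bob',   'stored_name' => '7be014.png'],
];

// Hypothetical helper: deletes an upload by opaque ID; the request never carries a path.
function delete_upload(string $baseDir, array $files, string $user, string $rawId): bool
{
    // Item 5: record every attempt; JSON encoding escapes control characters in raw input.
    $log = static function (string $outcome) use ($user, $rawId): void {
        error_log((string) json_encode(
            ['event' => 'file_delete', 'user' => $user, 'id' => $rawId, 'outcome' => $outcome],
            JSON_INVALID_UTF8_SUBSTITUTE
        ));
    };
    // Item 1: allowlist, an ID is a short decimal number and nothing else.
    if (preg_match('/^[1-9][0-9]{0,8}$/D', $rawId) !== 1) {
        $log('rejected_bad_id');
        return false;
    }
    // Items 3 and 4: the ID must map to a record owned by the authenticated caller.
    $record = $files[(int) $rawId] ?? null;
    if ($record === null || $record['owner'] !== $user) {
        $log('denied');
        return false;
    }
    // Item 2: canonicalize and confirm the target is a regular file under the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $record['stored_name']);
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        $log('rejected_path');
        return false;
    }
    $ok = unlink($path);
    $log($ok ? 'deleted' : 'unlink_failed');
    return $ok;
}

// Demo against a throwaway directory (constructed input).
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
foreach (FILES as $f) { touch($dir . DIRECTORY_SEPARATOR . $f['stored_name']); }
var_dump(delete_upload($dir, FILES, 'alice', '101'));          // caller's own file
var_dump(delete_upload($dir, FILES, 'alice', '102'));          // another user's file
var_dump(delete_upload($dir, FILES, 'alice', '../other.txt')); // not an ID at all
```

Because the stored name comes from the application's own records, a traversal string in the request can never reach unlink(); the canonical-path check remains as defence in depth in case a stored name is ever corrupted.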
