The following are the key points of the vulnerability report, organized in concise Markdown format:

---

# ZenTao Vulnerability Report: file::delete() Horizontal Privilege Escalation - Arbitrary File Deletion

## I. Vulnerability Overview

- **Vulnerability Name:** file::delete() Horizontal Privilege Escalation - Arbitrary File Deletion
- **Severity:** Medium
- **CWE Classification:** CWE-639 (Authorization Bypass Through User-Controlled Key)
- **Affected Module:** file
- **Location:** module/file/control.php:310-333
- **Vulnerability Type:** Horizontal Privilege Escalation (IDOR)
- **Core Issue:** The interface accepts a user-controlled parameter but performs no object-level permission check, so an attacker can delete arbitrary files by modifying that parameter.

## II. Source Code Audit Analysis

### 2.1 Root Cause of Horizontal Privilege Escalation

The interface does not perform object-level permission checks.

### 2.2 Vulnerability Code Analysis

- **Method Implementation:** Missing permission checks for comment attachments.
- **Method Handling of Comment Attachments:** Performs no permission check for comment attachments.

### 2.3 Comparison: Permission Check in Method

The compared method calls the permission check; the method under review completely lacks such a call.

## III. Exploitation Scenarios of Horizontal Privilege Escalation

- **Exploitation Principle:** Attackers can delete arbitrary files by modifying the parameter; the check that the files belong to the current user, or are associated with objects the current user has permission to access, is never made.
- **Exploitation Example:** Deleting a comment attachment as a demonstration.

## IV. Impact Assessment

- **Scope:** Attackers can delete attachments of all object types and from all users.
- **Specific Impact:** Compromises comment integrity and interferes with users' ability to express themselves.

## V. Remediation Recommendations

- **Immediate Fix:** Add permission checks in the method.
- **Enhanced Method:** Add special handling for comment attachments.

## VII. Summary

- **Root Cause:** Design inconsistency and missing permission checks.
- **Impact:** Medium severity, allowing arbitrary file deletion.
- **Fix Priority:** P1 (High Priority) due to the wide scope and potential data loss.

---

This report covers the key aspects of the vulnerability, including its root cause, impact, exploitation scenarios, and remediation recommendations.
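As an added illustration (not ZenTao's code and not part of the report), the object-level check that Sections II and V call for, as a standalone PHP sketch: a delete handler that trusts the user-supplied file ID beside one that resolves the file's owning object, handles comment attachments specially, and authorizes the caller before deleting. All record structures, field names, the `canAccessObject` helper and the in-memory data are constructed assumptions.

```php
<?php
// Constructed file records: id => [objectType, objectID, addedBy]
$files = [
    1 => ['objectType' => 'task',    'objectID' => 10, 'addedBy' => 'alice'],
    2 => ['objectType' => 'comment', 'objectID' => 7,  'addedBy' => 'bob'],
];
// Constructed comment records: id => [objectType, objectID, author]
$comments = [7 => ['objectType' => 'task', 'objectID' => 10, 'author' => 'bob']];
// Constructed object-level ACL: which business objects each user may access
$access = ['alice' => ['task:10'], 'bob' => ['task:10'], 'mallory' => ['task:99']];

function canAccessObject(array $access, string $user, string $type, int $id): bool
{
    return in_array("$type:$id", $access[$user] ?? [], true);
}

// Vulnerable shape: the user-controlled fileID is the only input (CWE-639);
// nothing ties the file to the caller, so any existing file is deletable.
function deleteFileVulnerable(array &$files, string $user, int $fileID): bool
{
    if (!isset($files[$fileID])) return false;
    unset($files[$fileID]);
    return true;
}

// Hardened shape: look the file up, resolve the object it belongs to, and only
// delete when the caller uploaded it or may access that object.
function deleteFileChecked(array &$files, array $comments, array $access, string $user, int $fileID): bool
{
    if (!isset($files[$fileID])) return false;
    $file = $files[$fileID];
    $type = $file['objectType'];
    $id   = $file['objectID'];
    if ($type === 'comment') {
        // Special handling: a comment attachment is governed by its comment's
        // author and by the object the comment was posted on.
        if (!isset($comments[$id]) || $comments[$id]['author'] !== $user) return false;
        $type = $comments[$id]['objectType'];
        $id   = $comments[$id]['objectID'];
    }
    if ($file['addedBy'] !== $user && !canAccessObject($access, $user, $type, $id)) return false;
    unset($files[$fileID]);
    return true;
}

var_dump(deleteFileChecked($files, $comments, $access, 'mallory', 1)); // bool(false)
var_dump(deleteFileChecked($files, $comments, $access, 'mallory', 2)); // bool(false)
var_dump(deleteFileChecked($files, $comments, $access, 'bob', 2));     // bool(true)
var_dump(deleteFileVulnerable($files, 'mallory', 1));                  // bool(true)
```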