Unrated severity · NVD Advisory · Published Nov 7, 2022 · Updated May 5, 2025

CVE-2022-43351

Description

Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Sanitization Management System v1.0 allows unauthenticated arbitrary file deletion via the delete_img endpoint in Master.php.

Vulnerability

Sanitization Management System v1.0, as distributed by SourceCodester, contains an arbitrary file deletion vulnerability in the /classes/Master.php?f=delete_img endpoint. The application fails to validate the path parameter supplied via a POST request, allowing an attacker to specify any file path on the server for deletion. No authentication is required to reach this endpoint, making the vulnerability accessible to any remote attacker. The affected version is v1.0 as described in the official source [1].

Exploitation

An attacker with network access to the application can exploit this vulnerability by sending a crafted POST request to /classes/Master.php?f=delete_img with a path parameter containing the absolute path of the target file. The reference demonstrates a payload that deletes a file named shell.php from the uploads directory. The server responds with a success message, and the file is removed. No special privileges or user interaction are required; the attacker only needs to know the file path [1].

Impact

Successful exploitation allows an attacker to delete arbitrary files on the server, including configuration files, application code, or critical system files. This can lead to denial of service, application malfunction, or further compromise if essential files (e.g., .htaccess, index.php) are removed. The vulnerability does not directly enable remote code execution, but it can facilitate other attacks by removing security controls or disrupting operations.

Mitigation

As of the publication date (2022-11-07), no official patch or updated version has been released by the vendor. The only mitigation is to restrict access to the vulnerable endpoint, such as by removing the delete_img functionality or implementing proper authentication and authorization checks. Administrators should also consider using a web application firewall (WAF) to block requests containing suspicious path parameters. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing.
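
The sections above attribute the flaw to an unvalidated path parameter on an endpoint reachable without authentication. As an added example (not SourceCodester's code and not a vendor patch), a hardened delete handler in PHP could look like the following; `UPLOAD_DIR`, the image-extension allowlist and the `userdata` session key are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. UPLOAD_DIR, the extension allowlist
// and the 'userdata' session key are assumptions for illustration.
const UPLOAD_DIR = __DIR__ . '/uploads';
const IMAGE_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

// Return the canonical path only if it is an image file inside $baseDir.
function resolve_upload_path(string $requested, string $baseDir): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Interpret the input relative to the upload directory, never as absolute.
    // realpath() collapses ".." and resolves symlinks; false if the file is missing.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . ltrim($requested, '/\\'));
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Containment check on the resolved path; the trailing separator stops
    // a sibling such as "uploads_old" from matching the "uploads" prefix.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION));
    return in_array($ext, IMAGE_EXTENSIONS, true) ? $candidate : null;
}

// Handler body: require a logged-in session before touching the filesystem.
function delete_img(array $post, array $session, string $baseDir = UPLOAD_DIR): array
{
    if (empty($session['userdata'])) {
        return ['status' => 'failed', 'error' => 'Authentication required.'];
    }
    $raw = $post['path'] ?? null;
    $path = is_string($raw) ? resolve_upload_path($raw, $baseDir) : null;
    if ($path === null) {
        return ['status' => 'failed', 'error' => 'Invalid path.'];
    }
    return unlink($path)
        ? ['status' => 'success']
        : ['status' => 'failed', 'error' => 'Delete failed.'];
}
```

With this check, a `path` that is absolute or contains `../` segments resolves outside the upload directory (or to nothing) and is rejected, and non-image files inside the upload directory are refused by the extension allowlist.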

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1