The Issue

Unrestricted file deletion vulnerabilities are caused by overly trusting a user’s input and allowing the user to manipulate the path of the file to be deleted. This may allow an attacker to create a denial of service scenario.

An attacker must be authenticated to perform this attack.

Where the Issue Occurred

The following code snippet displays the usage of the unlink function in PHP within the lh-ehr application:

unlink($_POST['docid']); 

Source: lh-ehr/patient_portal/import_template.php#30

Disclosure Timeline

• Issue Reported: 23rd July 2018
• Issue Resolved: <TBD>
• Blog Post Published: 7th August 2018
• Applied for CVE: `8th August 2018