THREAT OPS › Threat News › [GHSA] GHSA-c9xg-64p9-f2jj (high) — NukeViet: Path Traversal to Arbitrary File Deletion in Edit Comment Function
[GHSA] GHSA-c9xg-64p9-f2jj (high) — NukeViet: Path Traversal to Arbitrary File Deletion in Edit Comment Function
GHSA-c9xg-64p9-f2jj Severity: high CVE: CVE-2026-54065
NukeViet: Path Traversal to Arbitrary File Deletion in Edit Comment Function
## Summary
Path Traversal to Arbitrary File Deletion in the Edit Comment admin function. An authenticated administrator can delete arbitrary files within the application root (e.g., `config.php`) by injecting a crafted `attach` parameter, rendering the application
MITRE ATT&CK techniques
- File DeletionT1070.004
Indicators of compromise
- CVE-2026-54065cve
Original source: https://github.com/advisories/GHSA-c9xg-64p9-f2jj