Critical Vulnerability Information

Vulnerability Description

Vulnerability Type: Arbitrary File Deletion Vulnerability
Affected Version: carRental 1.0
Affected Interface: car/updateCar.action
Attack Method: Attackers can delete any file on the server by manipulating the parameter.

Vulnerability Method

Related Code: method located in
Code Snippet:

Vulnerability Trigger Point

Related Code: method located in
Code Snippet:

Vulnerability Reproduction Steps

1. Create a Test File: Create a file named .
2. Unauthorized Update of Vehicle Information in Database:
3. Call the Update Interface Again to Delete the File:

Result

The file was successfully deleted.

Summary

This vulnerability allows attackers to delete any file on the server by crafting a specific value for the parameter, posing a severe security risk. It is recommended to implement strict validation and access control for the parameter to prevent unauthorized file deletion operations.
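
One way to implement the validation recommended in the Summary, as an added example that is not part of the original report or the carRental code base. It assumes a Java backend that keeps the files referenced by vehicle records under a single upload directory; `SafeFileDelete`, `deleteStoredFile`, `uploadRoot` and the sample file names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.LinkOption;
import java.nio.file.Path;

// Added example; class, method and parameter names are hypothetical.
public class SafeFileDelete {

    // Deletes the file named by a stored record value only when it resolves to
    // a regular file inside uploadRoot; otherwise deletes nothing and returns false.
    static boolean deleteStoredFile(Path uploadRoot, String storedName) throws IOException {
        if (storedName == null || storedName.isBlank()) { return false; }
        Path root = uploadRoot.toRealPath();
        Path candidate;
        try {
            // resolve() returns storedName unchanged when it is absolute, so the
            // containment check below rejects absolute paths as well as "../".
            candidate = root.resolve(storedName).normalize();
        } catch (InvalidPathException e) {
            return false;
        }
        if (candidate.equals(root) || !candidate.startsWith(root)) { return false; }
        // Only plain files may be removed: no directories, no symlinks.
        if (!Files.isRegularFile(candidate, LinkOption.NOFOLLOW_LINKS)) { return false; }
        // A symlinked parent directory could still point outside the root.
        if (!candidate.toRealPath().startsWith(root)) { return false; }
        return Files.deleteIfExists(candidate);
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/uploads/car1.jpg and <tmp>/outside.txt
        Path tmp = Files.createTempDirectory("carRental-demo");
        Path uploads = Files.createDirectory(tmp.resolve("uploads"));
        Files.writeString(uploads.resolve("car1.jpg"), "image");
        Path outside = Files.writeString(tmp.resolve("outside.txt"), "keep me");

        System.out.println("relative traversal deleted: " + deleteStoredFile(uploads, "../outside.txt"));
        System.out.println("absolute path deleted:      " + deleteStoredFile(uploads, outside.toString()));
        System.out.println("in-root file deleted:       " + deleteStoredFile(uploads, "car1.jpg"));
        System.out.println("outside file still exists:  " + Files.exists(outside));
    }
}
```

The same check belongs at the point where the value is written to the database as well as where it is later used for deletion, and the update interface itself needs an authorization check, since the reproduction steps rely on an unauthorized update.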