CVE-2019-8291

Online Store System v1.0 delete_file.php doesn’t check to see if a user has administrative rights nor does it check for path traversal.
Source: NIST
CVE-2019-8291