CVE-2026-57331
VideoWhisper · Paid Videochat Turnkey Site
A vulnerability in VideoWhisper Paid Videochat Turnkey Site allows authenticated performers to delete arbitrary files on the host server.
Executive summary
A critical arbitrary file deletion vulnerability in VideoWhisper Paid Videochat Turnkey Site could allow attackers to disrupt service availability or cause data loss.
Vulnerability
This is an arbitrary file deletion vulnerability in which an authenticated performer can manipulate file paths to delete sensitive system files. It stems from insufficient input validation during file operations.
Business impact
The ability to delete arbitrary files on the server poses a severe risk to business continuity and data integrity. The vulnerability carries a CVSS score of 9.9 and could lead to total service disruption or the deletion of critical configuration files, potentially resulting in complete system compromise or permanent data loss.
Remediation
Immediate Action: Update the VideoWhisper Paid Videochat Turnkey Site installation to the latest version provided by the vendor.
Proactive Monitoring: Review web server access and error logs for suspicious file deletion requests or unusual path traversal attempts.
Compensating Controls: Implement strict file system permissions to limit the web server process's ability to modify directories outside of the application's required scope.
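The log review described under Proactive Monitoring can be partly automated. The following is an added example, not vendor code: it scans Combined Log Format access-log lines for request parameters that decode to a path traversal sequence, including double-encoded forms. The request paths, parameter names and addresses in the sample lines are constructed placeholders, since the affected endpoint is not named here.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# A ".." path segment (either separator) or a NUL byte, tested after decoding.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)|\x00')

# Constructed sample lines; paths, parameter names and addresses are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /app/handler.php?action=view&file=clip01.mp4 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET /app/handler.php?action=delete&file=..%2F..%2Fconfig.php HTTP/1.1" 200 20',
    '198.51.100.7 - - [01/Jan/2026:10:00:09 +0000] "POST /app/handler.php?file=%252e%252e%255c%252e%252e%255cconfig.php HTTP/1.1" 403 0',
    '192.0.2.10 - - [01/Jan/2026:10:00:12 +0000] "GET /app/list.php?name=notes..txt HTTP/1.1" 200 90',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e%252e) is seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return (name, decoded_value) pairs whose value contains a traversal marker."""
    hits = []
    # parse_qsl performs the first round of percent-decoding.
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(raw)
        if TRAVERSAL_RE.search(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return one finding per suspicious parameter in parseable log lines."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        host, when, _method, target, status = m.groups()
        for name, value in suspicious_params(target):
            findings.append({"host": host, "time": when, "status": int(status), "param": name, "value": value})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Standard access logs record only the request line, so a path submitted in a POST body will not appear in them; covering that case requires application-level request logging.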
Exploitation status
Public Exploit Available: Not specified
Analyst recommendation
The severity of this vulnerability necessitates immediate attention. Organizations utilizing the affected software must prioritize patching to the latest version to prevent potential system-wide impact. Failure to remediate this issue exposes the application to significant operational risks.