Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the «do_del()» method of the component «database.admincp.php».
