CVE Catalog
CVE-2026-57331
CriticalCVSS 9.9Summary
The Performer Arbitrary File Deletion vulnerability in Paid Videochat Turnkey Site versions up to 7.4.8 allows an attacker to delete arbitrary files on the server. This flaw can be exploited to remove critical system or application files.
Risk Assessment
The risk involves potential deletion of configuration files, logs, or user data, which could lead to service disruption, data loss, or server compromise.
Recommendation
It is recommended to immediately update to the latest version of Paid Videochat Turnkey Site that fixes this vulnerability. If an update is not possible, restrict file deletion functionality to trusted users only.
Original NVD description (English source)
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.

