intelliants/subrion is vulnerable to cross-site request forgery (CSRF). The vulnerability exists as it improperly invalidates the CSRF token for the panel/uploads/read.json
GET request, potentially causing deletion of a file pass when the cmd=rm
parameter value is set.