The file path returned by the front end was not filtered.
Delete the file directly using the file name returned by the front end.
File deletion test:
Frist, create the file named "test.txt".
Then,send a request to access '/delete_slideshow' and specify the deletion of the file as the target file.
The target file has been deleted and the attack was successful.

The file path returned by the front end was not filtered.
Delete the file directly using the file name returned by the front end.
File deletion test:
Frist, create the file named "test.txt".
Then,send a request to access '/delete_slideshow' and specify the deletion of the file as the target file.
The target file has been deleted and the attack was successful.