Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframeappattachmentadminindex.php, which allows attackers to access sensitive information.