A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account.Referenceshttp://www.andmp.com/2018/02/advisory-assigned-cve-2018-7308-csrf.htmlhttps://github.com/DanWin/hosting/issues/18
