Secunia Research has discovered a vulnerability in Pulse CMS, which can be exploited by malicious users to manipulate certain data. Input passed via the “f” parameter to delete.php is not properly sanitized before deleting files. This can be exploited to delete arbitrary files with the permissions of the web server via directory traversal attacks. Successful exploitation requires authentication.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/87596/secunia-pulsedelete.txt
Source: https://packetstormsecurity.com/files/87596/Pulse-CMS-Arbitrary-File-Deletion.html