CVE-2018-16237

Name of the Vulnerable Software and Affected Versions damiCMS version 6.0.1

Description An issue was discovered in damiCMS, where Directory Traversal is possible via '|' characters in the s parameter to "admin.php", as demonstrated by an "admin.php?s=Tpl/Add/id/c:|windows|win.ini" URI.

Recommendations For damiCMS version 6.0.1, consider restricting access to the "admin.php" endpoint to minimize the risk of exploitation, and avoid using the s parameter with '|' characters until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.