PT-2018-15441 · Damicms · Damicms
Letmejustdoit
·
Published
2018-12-28
·
Updated
2019-01-11
·
CVE-2018-20571
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
DamiCMS version 6.0.1
Description
The issue allows remote attackers to read arbitrary files by sending a crafted request to the admin.php?s=Tpl/Add/id endpoint. For example, an attacker can read the global configuration file by accessing admin.php?s=Tpl/Add/id/.PublicConfigconfig.ini.php.
Recommendations
For DamiCMS version 6.0.1, restrict access to the admin.php?s=Tpl/Add/id endpoint to minimize the risk of exploitation. Avoid using the id parameter in the affected endpoint until the issue is resolved.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Damicms