PT-2018-15470 · Imcat · Imcat
Publicado
2018-12-30
·
Atualizado
2019-01-09
·
CVE-2018-20606
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
imcat version 4.4
Description
The issue allows for full path disclosure through a specific URI. The affected endpoint is "dev.php?tools-ipaddr&api=Pcoln&uip=" and it is related to the
uip variable.Recommendations
For imcat version 4.4, consider restricting access to the "dev.php" endpoint until a fix is available, or avoid using the
uip variable in the affected API endpoint to minimize the risk of exploitation.Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Imcat