PT-2018-17800 · Empirecms · Empirecms

Kongxin

·

Publicado

2018-02-12

·

Atualizado

2022-02-19

·

CVE-2018-6880

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions EmpireCMS versions 6.6 through 7.2
Description The issue allows remote attackers to discover the full path via an array value for a parameter to "class/connect.php".
Recommendations For EmpireCMS versions 6.6 through 7.2, update to a version that contains a fix for this issue.

Exploit

Correção

Exposure of Resource to Wrong Sphere

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-668

Identificadores relacionados

CVE-2018-6880

Produtos afetados

Empirecms