PT-2018-17801 · Empirecms · Empirecms

Kongxin

·

Publicado

2018-02-12

·

Atualizado

2022-02-19

·

CVE-2018-6881

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions EmpireCMS version 6.6
Description The issue allows remote attackers to discover the full path via an array value for a parameter to "admin/tool/ShowPic.php" API endpoint.
Recommendations For EmpireCMS version 6.6, consider restricting access to the "admin/tool/ShowPic.php" API endpoint until a patch is available.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2018-6881

Produtos afetados

Empirecms