PT-2018-17818 · Dedecms · Dedecms

Kongxin

·

Publicado

2018-02-13

·

Atualizado

2022-02-19

·

CVE-2018-6910

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7
Description The issue allows remote attackers to discover the full path of the system via a direct request for certain files, such as "include/downmix.inc.php" or "inc/inc archives functions.php".
Recommendations For DedeCMS version 5.7, consider restricting direct access to sensitive files like "include/downmix.inc.php" and "inc/inc archives functions.php" to prevent path disclosure.

Exploit

Correção

Exposure of Resource to Wrong Sphere

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-668

Identificadores relacionados

CVE-2018-6910

Produtos afetados

Dedecms