Kongxin

#9614of 53,630
28.7Total CVSS
Vulnerabilities · 5
Medium
4
High
1
PT-2018-18094
5.3
2018-02-26
Yzmcms · Yzmcms · CVE-2018-7479
**Name of the Vulnerable Software and Affected Versions** YzmCMS version 3.6 **Description** The issue allows remote attackers to discover the full path of the application via a direct request to "application/install/templates/s1.php". **Recommendations** For YzmCMS version 3.6, consider restricting access to the "application/install/templates/s1.php" endpoint to minimize the risk of path disclosure.
PT-2018-18068
5.3
2018-02-24
Zzcms · Zzcms · CVE-2018-7434
**Name of the Vulnerable Software and Affected Versions** zzcms version 8.2 **Description** The issue allows remote attackers to discover the full path via a direct request to "3/qq connect2.0/API/class/ErrorCase.class.php" or "3/ucenter api/code/friend.php". **Recommendations** For zzcms version 8.2, as a temporary workaround, consider restricting access to the "3/qq connect2.0/API/class/ErrorCase.class.php" and "3/ucenter api/code/friend.php" API endpoints until a patch is available.
PT-2018-17818
7.5
2018-02-13
Dedecms · Dedecms · CVE-2018-6910
**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** The issue allows remote attackers to discover the full path of the system via a direct request for certain files, such as "include/downmix.inc.php" or "inc/inc archives functions.php". **Recommendations** For DedeCMS version 5.7, consider restricting direct access to sensitive files like "include/downmix.inc.php" and "inc/inc archives functions.php" to prevent path disclosure.
PT-2018-17800
5.3
2018-02-12
Empirecms · Empirecms · CVE-2018-6880
**Name of the Vulnerable Software and Affected Versions** EmpireCMS versions 6.6 through 7.2 **Description** The issue allows remote attackers to discover the full path via an array value for a parameter to "class/connect.php". **Recommendations** For EmpireCMS versions 6.6 through 7.2, update to a version that contains a fix for this issue.
PT-2018-17801
5.3
2018-02-12
Empirecms · Empirecms · CVE-2018-6881
**Name of the Vulnerable Software and Affected Versions** EmpireCMS version 6.6 **Description** The issue allows remote attackers to discover the full path via an array value for a parameter to "admin/tool/ShowPic.php" API endpoint. **Recommendations** For EmpireCMS version 6.6, consider restricting access to the "admin/tool/ShowPic.php" API endpoint until a patch is available.