PT-2018-15470 · Imcat · Imcat
Published 2018-12-30 · Updated 2019-01-09 · CVE-2018-20606
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
imcat version 4.4
Description
The issue allows for full path disclosure through a specific URI. The affected endpoint is "dev.php?tools-ipaddr&api=Pcoln&uip=" and it is related to the uip variable.
Recommendations
For imcat version 4.4, consider restricting access to the "dev.php" endpoint until a fix is available, or avoid using the uip variable in the affected API endpoint to minimize the risk of exploitation.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Imcat
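To see whether the URI named in the description is being requested, and whether a restriction on "dev.php" is taking effect, the following added example (not part of the advisory or of imcat) scans access-log lines for it. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Client IP, request line and status of a combined-format access log entry (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def matches_advisory_uri(target: str) -> bool:
    """True if the request target is dev.php?tools-ipaddr&api=Pcoln&uip=<anything>."""
    parts = urlsplit(target)
    if not unquote(parts.path).lower().endswith("/dev.php"):
        return False
    # keep_blank_values keeps the bare "tools-ipaddr" key and an empty "uip=".
    # Keys and the api value are compared case-insensitively so casing variants are still flagged.
    params = {k.lower(): v for k, v in parse_qsl(parts.query, keep_blank_values=True)}
    return ("tools-ipaddr" in params
            and params.get("api", "").lower() == "pcoln"
            and "uip" in params)

def scan(lines):
    """Return (client_ip, status, target) for every log line that hits the endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and matches_advisory_uri(m.group("target")):
            hits.append((m.group("ip"), int(m.group("status")), m.group("target")))
    return hits

# Constructed sample log lines (documentation IP ranges, not from a real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Jan/2019:10:00:01 +0000] "GET /dev.php?tools-ipaddr&api=Pcoln&uip=1.2.3.4 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [02/Jan/2019:10:00:05 +0000] "GET /DEV.php?tools-ipaddr&API=pcoln&uip= HTTP/1.1" 200 790 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [02/Jan/2019:10:01:00 +0000] "GET /dev.php?tools-ipaddr&api=Other&uip=1.2.3.4 HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [02/Jan/2019:10:02:00 +0000] "GET /index.php?uip=1 HTTP/1.1" 200 1500 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [02/Jan/2019:10:03:00 +0000] "GET /dev.php?tools-ipaddr&api=Pcoln&uip=x HTTP/1.1" 403 162 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, status, target in scan(SAMPLE_LOG):
        # A 200 means the endpoint answered; other codes suggest the restriction is in place.
        state = "served" if status == 200 else "not served"
        print(f"{ip} {status} {state} {target}")
```

Hits that still return 200 after access to "dev.php" has been restricted indicate the restriction is not covering that path.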