CVE-2018-14831

Name of the Vulnerable Software and Affected Versions DamiCMS version 6.0.0

Description The issue allows remote authenticated administrators to read any files on the server by crafting a specific URI, /admin.php?s=Tpl/Add/id/. This is an arbitrary file read vulnerability.

Recommendations For DamiCMS version 6.0.0, consider restricting access to the /admin.php?s=Tpl/Add/id/ endpoint until a patch is available. As a temporary workaround, limit the privileges of administrators to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.