exploitDog

GHSA-5429-w5jc-q743

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.

Ссылки

EPSS

Процентиль: 56%

0.00333

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-200

Связанные уязвимости

CVE-2018-20571

CVSS3: 7.5

nvd

около 7 лет назад

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.

EPSS

Процентиль: 56%

0.00333

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-200