exploitDog

CVE-2018-7479

Опубликовано: 26 фев. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php.

Ссылки

https://github.com/kongxin520/YzmCMS/blob/master/YzmCMS_3.6_bug.md
Exploit
Third Party Advisory
https://kongxin.gitbook.io/yzmcms-3-6-bug/
Exploit
Third Party Advisory
https://github.com/kongxin520/YzmCMS/blob/master/YzmCMS_3.6_bug.md
Exploit
Third Party Advisory
https://kongxin.gitbook.io/yzmcms-3-6-bug/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yzmcms:yzmcms:3.6:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00396

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-668

Связанные уязвимости

GHSA-95f3-jw2h-5348

CVSS3: 5.3

github

больше 3 лет назад

YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php.

EPSS

Процентиль: 60%

0.00396

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-668