CVE-2018-6881

EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
References
Link Resource
https://github.com/kongxin520/EmpireCMS/blob/master/EmpireCMS.md Broken Link Third Party Advisory
https://kongxin.gitbook.io/empirecms/ Exploit Third Party Advisory
https://kongxin.gitbook.io/dedecms-5-7-bug/ Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:phome:empirecms:6.6:*:*:*:*:*:*:*
cpe:2.3:a:phome:empirecms:7.0:*:*:*:*:*:*:*
cpe:2.3:a:phome:empirecms:7.2:*:*:*:*:*:*:*
cpe:2.3:a:dedecms:dedecms:5.7:-:*:*:*:*:*:*

Information

Published : 2018-02-12 03:29

Updated : 2022-02-19 04:28


NVD link : CVE-2018-6881

Mitre link : CVE-2018-6881

Products Affected
No products.
CWE