CVE-2018-10122

HIGH

QingDao Nature Easy Soft Chanzhi Enterprise Portal System pro1.6 - Path Traversal via File.php Pathname Parameter

Title source: llm
STIX 2.1

Description

QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to www/file.php.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/goodrain-apps/chanzhieps/issues/1

Scores

CVSS v3 7.5
EPSS 0.0217
EPSS Percentile 80.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
chanzhi/chanzhi pro1.6
Published Apr 16, 2018
Tracked Since Feb 18, 2026