CVE-2018-14831
MEDIUMDamiCMS 6.0.0 - Authenticated Arbitrary File Read via Tpl Add URI
Title source: llmDescription
An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/feric/98180bad0a73716e143ff8dc03fda12f
Scores
CVSS v3
4.9
EPSS
0.0159
EPSS Percentile
72.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
damicms/damicms
6.0.0
Published
Jul 10, 2019
Tracked Since
Feb 18, 2026