CVE-2018-14831

MEDIUM

DamiCMS 6.0.0 - Authenticated Arbitrary File Read via Tpl Add URI

Title source: llm
STIX 2.1

Description

An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/feric/98180bad0a73716e143ff8dc03fda12f

Scores

CVSS v3 4.9
EPSS 0.0159
EPSS Percentile 72.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
damicms/damicms 6.0.0
Published Jul 10, 2019
Tracked Since Feb 18, 2026