CVE-2018-18778

MEDIUM NUCLEI LAB

Acme Mini-httpd < 1.30 - Information Disclosure

Title source: rule

Description

ACME mini_httpd before 1.30 lets remote users read arbitrary files.

Exploits (2)

nomisec SCANNER 1 stars
by auk0x01 · poc
https://github.com/auk0x01/CVE-2018-18778-Scanner
nomisec WRITEUP
by cyberharsh · poc
https://github.com/cyberharsh/Mini_httpd-CVE-2018-18778

Nuclei Templates (1)

ACME mini_httpd <1.30 - Local File Inclusion
MEDIUMby DhiyaneshDK,dogasantos
Shodan: Server: mini_httpd && 200 || cpe:"cpe:2.3:a:acme:mini-httpd" || server: mini_httpd && 200

References (1)

Scores

CVSS v3 6.5
EPSS 0.9258
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Lab Environment

COMMUNITY
Community Lab
docker pull vulhub/mini_httpd:1.29

Details

CWE
CWE-200
Status published
Products (1)
acme/mini-httpd < 1.30
Published Oct 29, 2018
Tracked Since Feb 18, 2026