CVE-2018-20604

2022-10-0316:22:04

mitre

www.cve.org

lei feng tv cms

directory traversal

template edit path

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.6%

JSON

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of …* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web………*…*1.txt.html URI to read the 1.txt file.

References

github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#directory-traversal