2 matches found
CVE-2018-16237
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI...
CVE-2018-16237
Summary: CVE-2018-16237 affects damiCMS 6.0.1. The vulnerability is a directory traversal in admin.php, exploitable via the s parameter (example: s=Tpl/Add/id/c:|windows|win.ini), allowing reading arbitrary files. Root cause: input handling that permits traversal using the '|' character. Reported...