CVE-2018-20571
CVE-2018-20571 affects DamiCMS 6.0.1. An attacker can remotely read arbitrary files by sending a crafted request to admin.php?s=Tpl/Add/id, demonstrated by reading the global configuration file at .\Public\Config\config.ini.php. The underlying issue is an arbitrary file read path handling in the ...