CVE-2018-20405

BigTree CMS 4.3 contains an information disclosure in the admin/news input path: authenticated access can trigger a syntax error that reveals the server path. This is described across multiple sources (NVD/CNVD/OSV). Root cause: path disclosure through a crafted admin/news input that triggers a s...