CVE-2018-7662
CVE-2018-7662 affects CouchCMS <= 2.0, enabling remote attackers to disclose the server’s full directory path by directly requesting includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php. This path disclosure arises from a missing/insufficient input validation in the affected end...