Vulnerabilities > CVE-2018-6880 - Exposure of Resource to Wrong Sphere vulnerability in Phome Empirecms 6.6/7.0/7.2

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
phome
CWE-668

Summary

EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.

Vulnerable Configurations

Part Description Count
Application
Phome
3

Common Weakness Enumeration (CWE)