Vulnerabilities > CVE-2018-6910 - Exposure of Resource to Wrong Sphere vulnerability in Dedecms 5.7

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
dedecms
CWE-668
NVD
Published: 2018-02-13
Updated: 2022-02-19

Summary

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php.

Vulnerable Configurations

Part Description Count
Application
Dedecms
1

Common Weakness Enumeration (CWE)

References