CVE-2018-16237

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
30/08/2018
Last modified:
19/10/2018

Description

An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:damicms:damicms:6.0.1:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools