id: CVE-2018-6910 info: name: DedeCMS 5.7 - Path Disclosure author: pikpikcu severity: high description: DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php impact: | An attacker can use the disclosed path information to gather intelligence for further attacks or exploit other vulnerabilities. remediation: | Apply the latest patch or upgrade to a newer version of DedeCMS to fix the path disclosure vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-6910 - https://github.com/kongxin520/DedeCMS/blob/master/DedeCMS_5.7_Bug.md - https://kongxin.gitbook.io/dedecms-5-7-bug/ - https://github.com/zhibx/fscan-Intranet - https://github.com/0ps/pocassistdb classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-6910 cwe-id: CWE-668 epss-score: 0.02422 epss-percentile: 0.89709 cpe: cpe:2.3:a:dedecms:dedecms:5.7:*:*:*:*:*:*:* metadata: max-request: 1 vendor: dedecms product: dedecms fofa-query: body="dedecms" shodan-query: http.html:"dedecms" tags: cve,cve2018,dedecms http: - method: GET path: - "{{BaseURL}}/include/downmix.inc.php" matchers-condition: and matchers: - type: word part: body words: - "downmix.inc.php" - "Call to undefined function helper()" condition: and - type: status status: - 200 # digest: 4a0a004730450220057eae85c0699ecc345f4158ec61b98fb01dbe82f6b264cee2a711b22c1b3b28022100a931745c97d34d3e518456589ca9cdd2f2d1c4d4920d8748cecdba748eec1d70:922c64590222798bb761d5b6d8e72950