Path Disclosure Vulnerability in phpwcms by phpwcms Team
CVE-2018-12990

5.3MEDIUM

Key Information:

Vendor: PHPwcms
Status: PHPwcms
Vendor: CVE Published:; 30 June 2018

What is CVE-2018-12990?

The phpwcms version 1.8.9 is susceptible to a path disclosure vulnerability that allows remote attackers to access the installation path of the application by exploiting an invalid csrf_token_value field. This could lead to further attacks by revealing sensitive information that can assist in targeting the system.

References

https://3xpl01tc0d3r.blogspot.com/2018/06/information-dis...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 30, 2018
Vulnerability Reserved
Jun 29, 2018

JSON

PHPwcms

What is CVE-2018-12990?

References

CVSS V3.1

Timeline