Skip to content
Nuclei Templates

DedeCMS 5.7 - Path Disclosure

ID: CVE-2018-6910

Severity: high

Author: pikpikcu

Tags: cve,cve2018,dedecms

Description

Section titled “Description”

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php

YAML Source

Section titled “YAML Source”
id: CVE-2018-6910


info:
  name: DedeCMS 5.7 - Path Disclosure
  author: pikpikcu
  severity: high
  description: DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php
  impact: |
    An attacker can use the disclosed path information to gather intelligence for further attacks or exploit other vulnerabilities.
  remediation: |
    Apply the latest patch or upgrade to a newer version of DedeCMS to fix the path disclosure vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2018-6910
    - https://github.com/kongxin520/DedeCMS/blob/master/DedeCMS_5.7_Bug.md
    - https://kongxin.gitbook.io/dedecms-5-7-bug/
    - https://github.com/zhibx/fscan-Intranet
    - https://github.com/0ps/pocassistdb
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2018-6910
    cwe-id: CWE-668
    epss-score: 0.02422
    epss-percentile: 0.89709
    cpe: cpe:2.3:a:dedecms:dedecms:5.7:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: dedecms
    product: dedecms
    shodan-query:
      - http.html:"dedecms"
      - cpe:"cpe:2.3:a:dedecms:dedecms"
    fofa-query:
      - body="dedecms"
      - app="dedecms"
  tags: cve,cve2018,dedecms


http:
  - method: GET
    path:
      - "{{BaseURL}}/include/downmix.inc.php"


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "downmix.inc.php"
          - "Call to undefined function helper()"
        condition: and


      - type: status
        status:
          - 200
# digest: 4a0a00473045022060b61e4fbb945689057664470f39f386aa8e91eb23d3e7e2ed31fa693e161b74022100c41ff636958b46facda5889a20f77ddef5c12669af4e1fd0c31871b95e8a4911:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-6910.yaml"

View on Github