CVE-2018-6881

CVE: CVE-2018-6881
Published: 2018-02-12T03:29Z
Vendor: phome
Products: empirecms
Versions: 6.6, 7.0, 7.2,
Description Language: en
Description: EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
References:
https://github.com/kongxin520/EmpireCMS/blob/master/EmpireCMS.md