CVE-2018-20405

LOW Year: 2018
CVSS v3 Score
2.7
Low
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-639
View all →

Vulnerability Description

BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue -- you already have full control of the CMS including running arbitrary PHP.

Related Vulnerabilities

CVE-2024-10452

LOW
CVSS:2.7(Low)

Organization admins can delete pending invites created in an organization they are not part of.

CWE-6392024

CVE-2024-30507

LOW
CVSS:2.7(Low)

Authorization Bypass Through User-Controlled Key vulnerability in Molongui.This issue affects Molongui: from n/a through 4.7.7.

CWE-6392024

CVE-2024-49388

LOW
CVSS:3.1(Low)

Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

CWE-6392024

CVE-2020-4918

LOW
CVSS:2.3(Low)

IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X...

CWE-6392020

CVE-2023-44154

LOW
CVSS:3.5(Low)

Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.

CWE-6392023

CVE-2023-44205

LOW
CVSS:3.5(Low)

Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.

CWE-6392023