VYPR
High severity7.5NVD Advisory· Published Dec 26, 2018· Updated Jun 17, 2026

CVE-2018-20478

CVE-2018-20478

Description

An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.