CVE-2018-6880
Description
EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
EmpireCMS 6.6 through 7.2 discloses the full path when an array value is passed to certain parameters in class/connect.php.
Vulnerability
EmpireCMS versions 6.6 through 7.2 contain a vulnerability in class/connect.php and e/admin/tool/ShowPic.php where functions like htmlspecialchars() and addslashes() receive an array instead of a string, causing a PHP error that reveals the server's full installation path [1].
Exploitation
An attacker can send a crafted HTTP request with array-valued parameters (e.g., url[], pic_height[] to ShowPic.php or totalnum[], page[] to ListInfo.php) to trigger the error and expose the path [1]. No authentication is required; normal access suffices.
Impact
Successful exploitation leads to disclosure of the full file system path, which can aid in further attacks by revealing the directory structure and potential entry points.
Mitigation
As of the published date (2018-02-12), no official patch or fixed version has been released for this issue. Users should consider applying input validation to ensure parameters are strings, or restrict access to the affected scripts. The vulnerability is documented in the reference [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: >=6.6, <=7.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/kongxin520/EmpireCMS/blob/master/EmpireCMS.mdmitrex_refsource_MISC
- kongxin.gitbook.io/empirecms/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.