This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: DedeCMS 5.7 suffers from an **Information Disclosure** vulnerability. **Consequences**: Attackers can retrieve the **full server file path** via direct requests to specific PHP files.
Q2 Root Cause? (CWE/Flaw)
**Root Cause**: The flaw lies in **improper error handling** or path exposure in `include/downmix.inc.php` and `inc/inc_archives_functions.php`.…
**Hackers Can**: Send direct HTTP requests to trigger errors. **Data Leaked**: **Full absolute file paths** on the server. **Note**: Data is limited to paths, not direct RCE or DB dump in this specific vector.
Q5 Is exploitation threshold high? (Auth/Config)
**Threshold**: **LOW**. **Auth Required**: **None**. **Remote**: Yes, any remote attacker can exploit this without login credentials.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp?**: **YES**. **PoC**: Available via **Nuclei templates** (projectdiscovery) and GitHub repositories (kongxin520). **Wild Exploitation**: High potential due to simplicity.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Scan for direct requests to:
1. `/include/downmix.inc.php`
2. `/inc/inc_archives_functions.php`

**Indicator**: Look for **file path strings** in the HTTP response body.
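The self-check above as an added example (not code from the original analysis or from DedeCMS): an offline Python check that flags access-log requests to the two files and extracts absolute paths from PHP error text in a captured response body. The combined log format, the function names, and all sample log lines and error bodies are assumptions constructed for illustration.

```python
import re

# The two files named on the page; matched on the URL path suffix so that
# installs under a subdirectory are also caught.
WATCHED = ("/include/downmix.inc.php", "/inc/inc_archives_functions.php")

# PHP error text: "<level> ... in <absolute path>.php on line N", with or
# without the <b> tags of html_errors. Unix and Windows absolute paths.
PHP_PATH_LEAK = re.compile(
    r"(?:Warning|Fatal error|Notice|Parse error)\b.*?\bin\s+(?:<b>)?"
    r"((?:/|[A-Za-z]:[\\/])[^\s<>\"']+\.php)(?:</b>)?\s+on line\s+(?:<b>)?\d+",
    re.IGNORECASE | re.DOTALL,
)
# Assumed log format: Apache/nginx "combined".
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def leaked_paths(body):
    """Absolute server paths disclosed by PHP error output in a response body."""
    return sorted(set(PHP_PATH_LEAK.findall(body)))

def direct_hits(log_lines):
    """(client, path, status) for each direct request to a watched file."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        client, _method, target, status = m.groups()
        path = target.split("?", 1)[0].lower()
        if path.endswith(WATCHED):
            hits.append((client, path, int(status)))
    return hits

# Constructed sample data (not captured from a real DedeCMS site).
SAMPLE_BODY = ("<br />\n<b>Fatal error</b>:  Call to undefined function helper() in "
               "<b>/var/www/example/include/downmix.inc.php</b> on line <b>3</b><br />")
SAMPLE_BODY_WIN = ("Warning: require_once(x.php): failed to open stream in "
                   "D:\\wwwroot\\site\\inc\\inc_archives_functions.php on line 9")
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /include/downmix.inc.php HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.4 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /cms/inc/inc_archives_functions.php?x=1 HTTP/1.1" 200 298 "-" "-"',
]

if __name__ == "__main__":
    for hit in direct_hits(SAMPLE_LOG):
        print("direct request:", hit)
    for body in (SAMPLE_BODY, SAMPLE_BODY_WIN):
        print("leaked:", leaked_paths(body))
```

A 200 response to either file whose body yields a non-empty `leaked_paths` result is the indicator described above; an empty result with errors suppressed (`display_errors` off) means the path is not being echoed to the client.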
**Urgency**: **MEDIUM-HIGH**. **Risk**: While it only leaks paths, this aids **further attacks** (like LFI or RCE). **Action**: Patch immediately if running DedeCMS 5.7.