This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: A path disclosure flaw in Webzyme Couch CMS. **Consequences**: Attackers can retrieve the **full server file path** via direct requests to specific PHP files.…
**Root Cause**: Improper error handling or path exposure in PHP scripts. **Flaw**: The files `includes/mysql2i/mysql2i.func.php` and `addons/phpmailer/phpmailer.php` expose internal paths when accessed directly.…
**Affected**: Webzyme Couch CMS. **Versions**: Version **2.0 and earlier**. **Vendor**: Webzyme Softwares (US-based).
Q4 What can hackers do? (Privileges/Data)
**Hackers Can**: Discover the **absolute full path** of the web root. **Impact**: This info helps attackers map the server structure, potentially facilitating Local File Inclusion (LFI) or other path-based exploits.
Q5 Is exploitation threshold high? (Auth/Config)
**Threshold**: **LOW**. **Auth**: No authentication required. **Config**: Exploitable via **direct HTTP requests** to specific endpoints. Anyone on the internet can trigger it.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp?**: **YES**. **PoC**: Available via Nuclei templates (ProjectDiscovery).…
**Self-Check**: Scan for direct access to: 1. `/includes/mysql2i/mysql2i.func.php` 2. `/addons/phpmailer/phpmailer.php`. **Tool**: Use Nuclei or custom scripts to check for path leakage in responses.
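A sketch of the "custom script" self-check for a site you operate, as an added example that is not part of the original analysis or of Couch CMS. It assumes the leak shows up as a standard PHP diagnostic ("... in /abs/path/file.php on line N"); the function names and sample bodies are constructed for illustration.

```python
import re
import urllib.error
import urllib.request

# The two files the advisory names as leaking the path on direct request.
LEAKY_FILES = (
    "/includes/mysql2i/mysql2i.func.php",
    "/addons/phpmailer/phpmailer.php",
)

# Assumption: the leak is a standard PHP diagnostic of the form
# "Fatal error: <message> in /abs/path/file.php on line N" (HTML or plain).
PHP_DIAG = re.compile(
    r"(?:Fatal error|Parse error|Warning|Notice|Deprecated)\b.*?"
    r"\bin\s+(?:<b>)?((?:/|[A-Za-z]:[\\/])[^<\r\n]*?\.php)(?:</b>)?"
    r"\s+on\s+line",
    re.IGNORECASE | re.DOTALL,
)

def find_path_leaks(body):
    """Return the distinct absolute paths disclosed by PHP diagnostics."""
    return list(dict.fromkeys(m.group(1) for m in PHP_DIAG.finditer(body)))

def fetch(base_url, path, timeout=10):
    """Fetch one file. PHP fatals may return HTTP 500, so keep error bodies."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + path, timeout=timeout) as resp:
            return resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.read().decode("utf-8", "replace")

def audit(bodies):
    """Map each advisory file to the paths its body leaks ([] means clean)."""
    return {path: find_path_leaks(bodies.get(path, "")) for path in LEAKY_FILES}

# Constructed sample bodies (not captured from a real site): the first file
# still leaks, the second is already blocked by a deny rule.
SAMPLE_BODIES = {
    LEAKY_FILES[0]: "<br />\n<b>Fatal error</b>:  Call to undefined function"
                    " example() in <b>/var/www/html/couch/includes/mysql2i/"
                    "mysql2i.func.php</b> on line <b>12</b><br />\n",
    LEAKY_FILES[1]: "<html><body><h1>403 Forbidden</h1></body></html>",
}

if __name__ == "__main__":
    for path, leaks in audit(SAMPLE_BODIES).items():
        print(path, "LEAKS " + ", ".join(leaks) if leaks else "clean")
```

To check a live deployment, build the `bodies` dict with `fetch(base_url, path)` for each entry in `LEAKY_FILES` and pass it to `audit`.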
Q8 Is it fixed officially? (Patch/Mitigation)
**Fix**: Update to a version **newer than 2.0**. **Patch**: Check official GitHub issues for updates. **Ref**: [CouchCMS Issue #46](https://github.com/CouchCMS/CouchCMS/issues/46).
Q9 What if no patch? (Workaround)
**No Patch?**: Block direct access to the vulnerable PHP files via **Web Application Firewall (WAF)** or **Nginx/Apache config**. **Rule**: Deny requests to `mysql2i.func.php` and `phpmailer.php` if not needed.
Q10 Is it urgent? (Priority Suggestion)
**Urgency**: **HIGH**. **Published**: March 2018. **Priority**: Immediate patching recommended. Path disclosure is a critical stepping stone for deeper server compromise.