CVE-2018-12054
published 2018-06-08

CVE-2018-12054: Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.

Priority: P2 (64), high · CVSS 3.0 base score: 7.5
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 39.39% (98.4th percentile)

Detection & IOCs (extracted from sources)

path: /img.php?f=/./etc/./passwd
url: {{BaseURL}}/img.php?f=/./etc/./passwd
yara regex: root:.*:0:0:
  • The vulnerability is triggered via the `f` parameter in `img.php` using absolute path traversal with dot-segment obfuscation (e.g., /./etc/./passwd). Monitor GET requests to img.php with path traversal patterns in the `f` parameter.
  • A successful exploitation response will contain the content of /etc/passwd, detectable by the regex pattern `root:.*:0:0:` in the HTTP response body with a 200 status code.
  • The traversal payload uses dot-segment obfuscation (/./etc/./passwd) rather than classic ../ sequences, meaning standard path traversal WAF rules may not catch this variant.
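The detection points above can be combined into a small log check that normalizes the `f` value before matching, so the /./ obfuscation collapses to the path it actually names. This is an added example, not code from the source or from PHP Scripts Mall; the log lines are constructed, it assumes a common-log-format access log, and `response_leaks_passwd` applies the page's `root:.*:0:0:` regex to a captured body.

```python
import re
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines in common log format (not captured from any real host).
SAMPLE_LOG = """\
203.0.113.5 - - [08/Jun/2018:10:00:01 +0000] "GET /img.php?f=/./etc/./passwd HTTP/1.1" 200 1823
203.0.113.5 - - [08/Jun/2018:10:00:02 +0000] "GET /img.php?f=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1823
198.51.100.7 - - [08/Jun/2018:10:00:03 +0000] "GET /img.php?f=uploads/logo.png HTTP/1.1" 200 4096
198.51.100.7 - - [08/Jun/2018:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
PASSWD_RE = re.compile(r"root:.*:0:0:")  # response-body signature given on the page


def normalize_f(raw: str) -> str:
    """Percent-decode (twice, for double encoding) and collapse dot segments,
    so '/./etc/./passwd' becomes '/etc/passwd'."""
    return posixpath.normpath(unquote(unquote(raw)))


def is_traversal(f_value: str) -> bool:
    """True when the normalized value is absolute or still climbs out with '..'.
    Normalizing first is what a literal '../' WAF rule lacks against the /./ variant."""
    norm = normalize_f(f_value)
    return norm.startswith("/") or norm == ".." or norm.startswith("../")


def scan_log(log_text: str) -> list:
    """Return one dict per suspicious GET to img.php found in the log text."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/img.php"):
            continue
        for f_value in parse_qs(parts.query).get("f", []):
            if is_traversal(f_value):
                hits.append({"client": line.split()[0], "raw_f": f_value,
                             "normalized": normalize_f(f_value), "status": m.group("status")})
    return hits


def response_leaks_passwd(status: int, body: str) -> bool:
    """Confirm a hit: a 200 whose body matches the root:.*:0:0: signature."""
    return status == 200 and PASSWD_RE.search(body) is not None
```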

CVSS provenance

NVD, CVSS v3.0: 7.5 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
NVD, CVSS v2.0: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)