CVE-2018-20602

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI.

Source: CVE-2018-20602