CVE-2024-0603

A vulnerability classified as critical has been found in ZhiCms up to 4.0. This affects an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the argument mylike leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250839.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:zhicms:zhicms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:46

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 9.8
v2 : 7.5
v3 : 7.3
References () https://note.zhaoj.in/share/n3QsNbORUR0e - Broken Link () https://note.zhaoj.in/share/n3QsNbORUR0e - Broken Link
References () https://vuldb.com/?ctiid.250839 - Third Party Advisory () https://vuldb.com/?ctiid.250839 - Third Party Advisory
References () https://vuldb.com/?id.250839 - Third Party Advisory () https://vuldb.com/?id.250839 - Third Party Advisory

23 Jan 2024, 16:46

Type Values Removed Values Added
References () https://note.zhaoj.in/share/n3QsNbORUR0e - () https://note.zhaoj.in/share/n3QsNbORUR0e - Broken Link
References () https://vuldb.com/?id.250839 - () https://vuldb.com/?id.250839 - Third Party Advisory
References () https://vuldb.com/?ctiid.250839 - () https://vuldb.com/?ctiid.250839 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:zhicms:zhicms:*:*:*:*:*:*:*:*

16 Jan 2024, 23:12

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-16 22:15

Updated : 2024-11-21 08:46


NVD link : CVE-2024-0603

Mitre link : CVE-2024-0603

CVE.ORG link : CVE-2024-0603


JSON object : View

Products Affected

zhicms

  • zhicms
CWE
CWE-502

Deserialization of Untrusted Data