A vulnerability classified as critical has been found in ZhiCms up to 4.0. This affects an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the argument mylike leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250839.
References
Link | Resource |
---|---|
https://note.zhaoj.in/share/n3QsNbORUR0e | Broken Link |
https://vuldb.com/?ctiid.250839 | Third Party Advisory |
https://vuldb.com/?id.250839 | Third Party Advisory |
https://note.zhaoj.in/share/n3QsNbORUR0e | Broken Link |
https://vuldb.com/?ctiid.250839 | Third Party Advisory |
https://vuldb.com/?id.250839 | Third Party Advisory |
Configurations
History
21 Nov 2024, 08:46
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 7.3 |
References | () https://note.zhaoj.in/share/n3QsNbORUR0e - Broken Link | |
References | () https://vuldb.com/?ctiid.250839 - Third Party Advisory | |
References | () https://vuldb.com/?id.250839 - Third Party Advisory |
23 Jan 2024, 16:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://note.zhaoj.in/share/n3QsNbORUR0e - Broken Link | |
References | () https://vuldb.com/?id.250839 - Third Party Advisory | |
References | () https://vuldb.com/?ctiid.250839 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:zhicms:zhicms:*:*:*:*:*:*:*:* |
16 Jan 2024, 23:12
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-16 22:15
Updated : 2024-11-21 08:46
NVD link : CVE-2024-0603
Mitre link : CVE-2024-0603
CVE.ORG link : CVE-2024-0603
JSON object : View
Products Affected
zhicms
- zhicms
CWE
CWE-502
Deserialization of Untrusted Data