A vulnerability classified as critical was found in ZZCMS 2023. Affected by this vulnerability is an unknown functionality of the file /admin/class.php?dowhat=modifyclass. The manipulation of the argument skin[] leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://gitee.com/A0kooo/cve_article/blob/master/zzcms/Directory_traversal3/zzcms%20class.php%20Directory%20traversal.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.275113 | Permissions Required |
https://vuldb.com/?id.275113 | Third Party Advisory |
https://vuldb.com/?submit.392186 | Third Party Advisory |
Configurations
History
04 Sep 2024, 18:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 7.5 |
First Time |
Zzcms
Zzcms zzcms |
|
References | () https://gitee.com/A0kooo/cve_article/blob/master/zzcms/Directory_traversal3/zzcms%20class.php%20Directory%20traversal.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.275113 - Permissions Required | |
References | () https://vuldb.com/?id.275113 - Third Party Advisory | |
References | () https://vuldb.com/?submit.392186 - Third Party Advisory |
20 Aug 2024, 15:44
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
19 Aug 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-19 20:15
Updated : 2024-09-04 18:44
NVD link : CVE-2024-7927
Mitre link : CVE-2024-7927
CVE.ORG link : CVE-2024-7927
JSON object : View
Products Affected
zzcms
- zzcms
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')